Microsoft liberates 2 million PCs from malicious Citadel botnets

June 19, 2013, 7:30 AM

Earlier this month, we were made aware that Microsoft’s Digital Crimes Unit successfully brought down over 1,000 of the estimated 1,400 malicious computer networks, commonly referred to as the Citadel botnets. However, a statement made by Richard Domingues Boscovich, the assistant general counsel of Microsoft’s Digital Crimes Unit, casts a new light on just how many machines have been freed by their efforts. He said, "We definitely have liberated at least 2 million PCs globally. That is a conservative estimate."

The Citadel botnets, which are run by a ringleader known only by the alias Aquabox, have been used to steal upwards of $500 million from major financial institutions. Some of their victims include American Express, Citigroup, HSBC, JPMorgan Chase, Royal Bank of Canada, Wells Fargo, and PayPal.

According to Reuters, computers that have been infected with the software can collect valuable financial information by tracking and saving the user’s keystrokes. Due to the program’s ability to disable pre-existing antivirus software, the PC owner is left essentially defenseless.

It is currently unknown how many of the infected machines are still at large, but Boscovich believes that Microsoft's eradication program has surpassed any and all expectations. “We feel confident that we really got most of the ones that we are after,” he explained. “It was a very, very successful disruptive action.”

Unfortunately, not everything related to the case has been resolved. Aquabox and several other Citadel operators have yet to be tracked down. Many analysts suspect that the culprits are residing in Eastern Europe, most likely in either Russia or Ukraine. The big clue is that the Citadel software is nowhere to be found in these two countries, a possible indication that the crime ring doesn’t want to attract any local attention. Although this is only a small tidbit of information, it is the first step in determining the true identities of the criminals.




User Comments: 13

Guest said:

An attempt for good press just to dissolve the wake of the Xbox debacle? Microsoft is due for a good deed.

Coodu said:

This is great news, $500 million, that's crazy stuff..

cliffordcooley, TechSpot Paladin, said:

Earlier this month, we were made aware that Microsoft's Digital Crimes Unit successfully brought down over 1,000 of the estimated 1,400 malicious computer networks, commonly referred to as the Citadel botnets.
What about the people that create these botnets? I'm sick of reading stories like this where people are free to continue. I'm not stupid, I know these people can be tracked.

Coodu said:

Well, one would hope that this at least brings them closer to the source, we can only hope anyway.

Guest said:

Track these down, nah they're more interested in illegal file sharing and it's probably the companies in question running an insurance scam anyways

Cycloid Torus said:

Track these down, nah they're more interested in illegal file sharing and it's probably the companies in question running an insurance scam anyways
Umm..it is illegal file sharing. Just that it is financial and not videos...hope our protectors are just as interested.

cliffordcooley, TechSpot Paladin, said:

hope our protectors are just as interested.
They probably are, especially the ones prospering by turning a blind eye.

VitalyT said:

So, now Microsoft is a liberator and not enslaver?

H3llion, TechSpot Paladin, said:

An attempt for good press just to dissolve the wake of the Xbox debacle? Microsoft is due for a good deed.

Doubtful, most gamers will not care for this "good" deed anyway.

Guest said:

Now if they could liberate all the other people from the virus called Windows, we would be good.

hitech0101 said:

When will you be liberating us from win8 M$ ?

lipe123 said:

This is hardly the first time MS has done this, if you looked at the articles over the past year I think it's the 3rd time they helped take down a major botnet.

However the biggest issue here for me also is that while the software side of things is taken care of the creators of these nets need to be fined and imprisoned or forced into some kinda rehab program (or join the USA's PRISM program hahaa).

I think they need to get closer ties with Interpol because generally local authorities can do nothing but beg the offending country's law enforcement to do something and the response I think would be "we have 1000's of murders/poverty/massive unemployment, don't care about your cybercrime issues"

Raoul Duke said:

Only allowed malware is the MS backdoor for providing info to PRISM etc. All others are verboten
