According to TechNewsWorld, a kind of super alliance featuring the FBI, Microsoft, and financial and technology companies teamed up to take down some 1,400 botnets that used the Citadel Trojan to steal victims’ online banking credentials and other information. The assault on the botnets began in 2012. Richard Boscovich, assistant general counsel of Microsoft’s Digital Crimes Unit, said, “This was a lengthy process, and we relied heavily on our financial services and technology industry partners to ensure that we would be able to take aggressive action against this threat.”
A civil suit against 82 botnet operators was filed last week. Microsoft also severed communications between the botnets and millions of PCs infected with the Citadel Trojan. Microsoft representatives and U.S. Marshals seized computer servers used in the operation from data hosting facilities in New Jersey and Pennsylvania. Microsoft and the FBI have also notified organizations overseas about the ring, and the FBI continued to serve search warrants on botnets operating in the United States.
FBI spokeswoman Jenny Shearer told TechNewsWorld, “I believe we shared some information with our foreign law enforcement partners.” The degree of the effect on botnet operations wasn’t disclosed.
As stated before, several other tech companies joined in on this assault on cybercriminals. A10 Networks provided advanced sinkhole infrastructure technology, Nominum chipped in a strong DNS solution, and Agari detected phishing messages from the botnets as they hit its customers and alerted Microsoft about the technology the botnets were using. Microsoft used its own tools as well as industry partners’ tools to observe and identify malware activity and operators.
So who came up with the botnet, and how is Citadel used? Microsoft says that a “John Doe 1,” as he is named in the suit, probably created and ran the botnet and could be in Eastern Europe. The operators making use of this botnet are scattered everywhere, so it will be up to those countries’ law enforcement agencies to take out the botnets and the threats they serve. However, now that Microsoft, the technology industry, and the FBI have set a precedent showing that the problem can be tackled and tangible progress made, those agencies might look to this cybercrime-fighting alliance for assistance on how to approach it.
The Trojan found its way into botnet operators’ hands for US$3,000. This bought them a crimeware kit that includes C&C server infrastructure, configuration scripts to target banks, and payload builders. In layman’s terms, it’s a hit kit or crook book that lets criminals do their work. Tools of the trade, if you will.
Symantec says that Citadel is a Trojan that targets online banking and has been in circulation since 2011. It is a more powerful version of the Zeus Trojan from 2007, which made news when it was used in an attack on the U.S. Department of Transportation. In 2010, 90 suspected members of a global cybercrime ring in the U.S., the U.K., and Ukraine were arrested after it was revealed that they had used the Trojan to snag $70 million.
Citadel has caused some $500 million in losses and affected 5 million people globally. It was also able to render antivirus and antimalware software useless by blocking its access to the vendors’ home sites. Even though those antivirus services work now, Microsoft stated that because the Trojan is so complex it could be impossible to take it out completely.
Users who believe their computer is infected are advised to clean it as soon as possible. Even with the work done to take out the criminals, it is believed that, since the botnets are unlikely to be eliminated entirely, the operators could regain control of infected computers.