Microsoft, FBI Shutter Citadel Botnets Seeking to End $500M Crime Spree
Microsoft, financial groups and the FBI cooperated to take down botnets that used the Citadel bot software to control as many as 5 million compromised systems.In its most ambitious botnet takedown to date, Microsoft cooperated with major financial industry groups, technology partners and the FBI to disrupt the operations of more than a thousand botnets running on a common crimeware platform and responsible for at least $500 million in consumer and business losses. On June 5, accompanied by U.S. Marshals, Microsoft technicians seized servers at two data centers in New Jersey and Pennsylvania, and with the help of the FBI, coordinated with computer emergency response teams and registrars in 87 countries to sinkhole domains used by the 1,452 botnets built on the Citadel malware. The coordinated action, announced by Microsoft and the FBI, aimed to shut down the ability of criminals to use the Citadel bot software to continue to steal information and money from the estimated 2 million to 5 million users and businesses whose systems are infected by the malware. "I think it will be a very, very aggressive and disruptive action–it's a full takedown," Richard Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit, told eWEEK. "We'd love to say we get 100 percent, a kill shot like with Rustock, but given the number of bots involved and the complexity and logistics, we think we will be successful if we have a good, disruptive action driving up their cost of doing business." The takedown of the Citadel botnet is Microsoft's seventh operation against bot operators and their infrastructure. Starting with Waledac in March 2010, the software giant has gathered data on a variety of botnets and built civil cases against the criminal bot operators. Then, through coordinated actions with partners, the company has disrupted the operations of those botnets. While most botnets have been resurrected in some form by the criminals groups running them, Microsoft managed in March 2011 to completely take down the Rustock botnet, which stopped sending out spam altogether.
"When you take away that many computers and infrastructure, there is a cost associated with that, and that has always been our objective," Microsoft's Boscovich said. "Just having to re-infect people is going to be harder and harder."