Microsoft, FBI team up to take down massive bank stealing botnet

Microsoft has partnered with the Federal Bureau of Investigation (FBI) to take down a massive botnet that stole over $500 million from bank accounts across the world.

For those unfamiliar with the term, a botnet is a program that harnesses the collective power of a large number of computers to carry out commands. Typically these commands are issued by a command and control server, which is often just another PC. Not all botnets are bad, but they can be used for malicious purposes.

In this case, the botnet, named Citadel, was used to compromise and siphon funds from bank accounts across the world. It did this by recording an infected computer's keystrokes to capture usernames and passwords for online bank accounts.

According to Microsoft, the botnet was spread through pirated copies of Microsoft Windows.

"Like many of our past operations, this investigation once again revealed how criminals are adapting and evolving their attack methods in order to continue to infect people's computers with malware," Richard Boscovich, spokesman for Microsoft's digital crimes unit, said in a blog post. "For instance, during our investigation we found that Citadel blocked victims' access to many legitimate anti-virus/anti-malware sites, making it so people may not have been able to easily remove this threat from their computer."

Microsoft teamed up with the FBI and 80 other law enforcement agencies to take down the digital networks, which were primarily located in the U.S., India, Hong Kong, Australia, and Western Europe. According to The Telegraph, U.S. Marshals (see the update below) seized data, evidence and computer servers at facilities in New Jersey and Pennsylvania.

Overall, the cleanup effort, named Operation b54, disrupted over 1,400 Citadel botnets.

The downfall of Citadel also marks the first time a major private sector company has teamed up with law enforcement agencies to seize suspected botnet servers.

The criminals behind Citadel, however, remain unknown, though they are widely suspected to be Eastern European, possibly residing in either Russia or Ukraine. Citadel was purposefully designed not to operate in those two countries.

The operation, while damaging to the cybercriminals behind it, doesn't spell the end for Citadel. Boscovich said Microsoft doesn't expect to take the botnet fully offline. That's likely because many Windows users continue to run older, less secure versions of Microsoft's Windows operating system.

Update: June 8, 2013, 1:30 p.m. PST: Microsoft representatives have clarified that it was Microsoft employees, not U.S. Marshals, who seized computer servers from two data hosting facilities in New Jersey and Pennsylvania. U.S. Marshals were escorting Microsoft employees at both sites.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
