Microsoft says 88% of botnets destroyed
Posted by: Timothy Weaver on 07/26/2013 03:20 PM
Two months after taking part in an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down.
Working with U.S. Marshals, the company physically removed some servers used by Citadel botmasters from data centers. This has been an ongoing operation by Microsoft. Microsoft has also been involved in operations that helped take down botnets such as Kelihos, Bamital, Nitol and others.
The operation was not without controversy. Part of it involved Microsoft sinkholing thousands of domains used by Citadel botmasters for command-and-control purposes, but some of those domains turned out to be sinkholes that malware researchers had set up previously in order to track Citadel’s operations.
“According to our data, as of July 23, our coordinated action against the threat has disrupted roughly 88 percent of the Citadel botnets operating worldwide. In addition, our analysis shows that approximately 40 percent of the computers we believe to have been infected with Citadel and directly impacted by our operation have been cleaned since the time of our action in June, and we continue to work with others to help clean the remaining victims. As I stated in a recent blog post sharing our initial revelations from this operation, we believe that this was a very successful action, and we continue to be pleased with the positive results we’re seeing,” Richard Boscovich of the Microsoft Digital Crimes Unit said.