Microsoft takes down Citadel with help
Posted by: TimW on 06/06/2013 03:28 PM
The botnet known as Citadel, which has infected an estimated five million computers and is responsible for losses amounting to half a billion dollars, was taken down in a campaign code-named b54. Authorized by a court in North Carolina, Microsoft worked in conjunction with the FBI, financial services companies and other partners in order to take action against 1,462 botnets.
Microsoft began analyzing the botnets in early 2012 and, in the last week of May 2013, filed a civil suit that gave it permission to cut communications between 1,462 botnets and the infected computers. On June 5th, US Marshals and Microsoft staff seized command-and-control servers in New Jersey and Pennsylvania. CERTs and government agencies in other countries also seized servers.
Microsoft acknowledges that it has not completely shut down Citadel, and that several million computers are still infected. Citadel was responsible for computers being unable to access anti-virus sites, but Microsoft feels that those sites should be accessible now.
The botnets were responsible for finding users' banking information and allowing the theft of millions of dollars through identity theft. Most of the infected computers were found in the US, Europe, Hong Kong, Singapore, India and Australia.
This is not the first time that Microsoft has partnered with other security agencies to take down botnets. The company worked with Symantec to take down the Bamital botnet recently. The latest takedown action is the second large-scale operation that the financial sector has participated in.