Microsoft liberates 2 million PCs from malicious Citadel botnets
Earlier this month, we were made aware that Microsoft’s Digital Crimes Unit successfully brought down over 1,000 of the estimated 1,400 malicious computer networks, commonly referred to as the Citadel botnets. However, a statement made by Richard Domingues Boscovich, the assistant general counsel of Microsoft’s Digital Crimes Unit, casts a new light on just how many machines have been freed by their efforts. He said, "We definitely have liberated at least 2 million PCs globally. That is a conservative estimate."
The Citadel botnets, which are run by a ringleader known only by the alias Aquabox, have been used to steal upwards of $500 million from major financial institutions. Some of their victims include American Express, Citigroup, HSBC, JPMorgan Chase, Royal Bank of Canada, Wells Fargo, and PayPal.
According to Reuters, computers that have been infected with the software can collect valuable financial information by tracking and saving the user’s keystrokes. Due to the program’s ability to disable pre-existing antivirus software, the PC owner is left essentially defenseless.
It is currently unknown how many of the infected machines are still at large, but Boscovich believes that Microsoft's eradication program has surpassed any and all expectations. “We feel confident that we really got most of the ones that we are after,” he explained. “It was a very, very successful disruptive action.”
Unfortunately, not everything related to the case has been resolved. Aquabox and several other Citadel operators have yet to be tracked down. Many analysts suspect that the culprits are residing in Eastern Europe, most likely in either Russia or Ukraine. The big clue is that the Citadel software is nowhere to be found in these two countries; a possible indication that the crime ring doesn’t want to attract any local attention. Although this is only a small tidbit of information, it is the first step in determining the true identities of the criminals.