Digital Identity Blog


Microsoft to the Rescue — Again! Company Frees Millions of PCs from Botnet.

By ThreatMetrix

If you’re beginning to confuse Microsoft with the U.S. Cavalry, it’s an easy mistake. This is the second time this year – that we know of – that Microsoft has charged to the rescue freeing PC users from a controlling botnet.

Last February, Microsoft and the FBI freed between 300,000 and 1 million PCs from botnet servitude. In this latest “emancipation” the number of PCs freed by Microsoft in conjunction with the Federal Bureau of Investigation is close to 2 million.

Jim Finkle reports in a Reuters story that the 2 million PCs were infected with a virus that is thought to have stolen more than half a billion (with a “b”) dollars from bank accounts worldwide. “We definitely have liberated at least 2 million PCs globally. That is a conservative estimate,” said Richard Domingues Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit. The vast majority of infected machines were in the United States, Europe and Hong Kong.

With support from more than 80 countries, Microsoft and the FBI attempted to take down some 1,400 malicious computer networks known collectively as the Citadel botnets. While some may still be operational, Boscovich says, “We feel confident that we really got most of the ones that we were after. It was a very, very successful disruptive action.”

Citadel’s Mr. Big is someone who goes by the name Aquabox and who Boscovich suspects is hiding somewhere in Eastern Europe. Dozens of individual botnet operators still remain at large with law enforcement doing its best to see they don’t remain that way.

The botnets were run from command and control servers at data hosting centers and stole from hundreds of financial institutions around the globe. In the United States, data center operators were usually unaware their servers were being used by Citadel, one of the largest botnet operations ever devised.

Reuters says, “The ring targeted firms of all sizes, from tiny credit unions to global banks such as Bank of America, Credit Suisse, HSBC and Royal Bank of Canada.”

Microsoft notes that Citadel’s creator bundled the software with pirated versions of the Windows operating system. Citadel software disabled anti-virus programs on infected PCs so they could not detect the malware. Individual “Citadel kits” sold over the Internet for $2,400 or more.

Some botnet “herders” rent or sell infected machines to other cybercriminals, who typically send out emails with malware links and attachments to snare victims.
