Microsoft partnership takes down 1,000 cybercrime botnets

Microsoft has disrupted more than 1,000 botnets in a joint campaign with the financial services industry and the FBI

Microsoft has announced the disruption of more than 1,000 botnets in a joint campaign with the financial services industry, technology industry partners and the FBI.

The botnets, networks of compromised computers infected with malicious software so that cyber criminals can control them remotely, were being used to steal online banking credentials and personal identities.

The campaign is part of a growing proactive effort by the public and private sector to enhance cloud security and fight cyber crime, including online fraud and identity theft.

The co-ordinated disruption resulted from an extensive investigation that Microsoft and its financial services and technology industry partners began in early 2012.

Investigators found that, once a computer was infected with Citadel malware, it began monitoring and recording a victim's keystrokes.

This tactic, known as keylogging, gives cyber criminals the information they need to gain direct access to a victim's bank account or any other online account, either to withdraw money or to steal personal identities.

Investigators found criminals were adapting and evolving their attack methods by blocking victims' access to legitimate anti-virus/anti-malware sites to make removal of the threat more difficult.

It also emerged that cyber criminals are using fraudulently obtained product keys, created by key generators for outdated Windows XP software, to develop their malware and grow their business.

This highlights the fact that – in addition to exercising safe online practices, such as running updated and legitimate software and using firewall and antivirus protection – people also need to use modern versions of Windows software to better prevent malware, fraud and identity theft, Microsoft said.

The Citadel cyber crime operation was responsible for more than half a billion dollars in losses worldwide and had affected at least five million people in more than 90 countries, Microsoft said.

"The harm done by Citadel shows the threat that botnets, malicious software, and piracy pose to individuals and businesses around the world," said Brad Smith, Microsoft general counsel and executive vice-president of legal and corporate affairs.

"This co-ordinated action between the private sector and law enforcement demonstrates the power of combined legal and technical expertise and we're going to continue to work together to help put these cyber criminals out of business."

Citadel is the seventh major botnet takedown by Microsoft's digital crimes unit (DCU) in collaboration with partners as part of its strategy to disable key cyber criminal infrastructure.

The takedowns of the Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital botnets have all used legal action to enable the seizure of servers being used as command and control centres.

Similarly, in the latest campaign, Microsoft filed a civil suit against the cyber criminals operating the Citadel botnets, receiving authorisation from the US District Court of North Carolina to cut off communication between 1,462 Citadel botnets and the millions of infected computers under their control.

On 5 June, Microsoft, escorted by US marshals, seized data and evidence from the botnets, including computer servers from two data hosting facilities in New Jersey and Pennsylvania.

Although similar to previous botnet takedowns, this operation marks the first time law enforcement and the private sector have worked together to execute a civil seizure warrant.

Microsoft and the FBI also provided information about the botnets' operations to foreign law enforcement organisations and computer emergency response teams (CERTs), so they could take action against additional command and control infrastructure for the botnets located outside of the US.

The campaign is expected to make it riskier and more expensive for the cyber criminals behind the botnets to operate, but due to the size and complexity of the threat, Microsoft and its partners do not expect to fully eliminate all of the botnets using Citadel.

Microsoft said it is critical that victims rid their computers of Citadel by using malware removal or antivirus software as quickly as possible to help prevent additional security issues.
