date 2013-06-18
* Citadel botnets hosted in over 80 nations
* Microsoft says $500 million stolen before crackdown
* Agents working to identify ringleader
By Jim Finkle
BOSTON, June 18 - Microsoft Corp said
that an assault it led earlier this month on one of the world's
biggest cyber crime rings has freed at least 2 million PCs
infected with a virus believed to have been used to steal more
than $500 million from bank accounts worldwide.
"We definitely have liberated at least 2 million PCs
globally. That is a conservative estimate," Richard Domingues
Boscovich, assistant general counsel with Microsoft's Digital
Crimes Unit, said in an interview on Tuesday.
He said the vast majority of infected machines were in the
United States, Europe and Hong Kong.
Microsoft and the FBI, aided by authorities in more than 80
countries, on June 5 sought to take down 1,400 malicious
computer networks known as the Citadel Botnets by severing their
access to infected machines. Microsoft's Digital Crimes Unit is
working with its partners overseas to determine exactly how many
of the Citadel botnets are still operational.
"We feel confident that we really got most of the ones that
we were after," he said. "It was a very, very successful
disruptive action."
The ringleader, who goes by the alias Aquabox, and dozens of
botnet operators remain at large and the authorities are working
to uncover their identities. Boscovich said he suspects Aquabox
is in Eastern Europe.
The botnets, which were run from "command and control"
servers at data hosting centers around the world, were used to
steal from hundreds of financial institutions, according to
court documents that Microsoft filed to get permission to shut
down servers in the United States that were being used to run
the operation.
Data center operators typically are not aware that their
servers are being used to run botnets.
The ring targeted firms of all sizes, from tiny credit
unions to global banks such as Bank of America, Credit
Suisse, HSBC and Royal Bank of
Canada.
Citadel is one of the biggest botnets in operation today.
Microsoft said its creator bundled the software with pirated
versions of the Windows operating system.
The FBI, which on Tuesday declined to comment on its
progress in its investigation of Citadel, has said it is working
closely with Europol and other overseas authorities to capture
the unknown criminals.
Cyber criminals typically infect machines by sending spam
emails containing malicious links and attachments, and by
infecting legitimate websites with computer viruses that attack
unsuspecting visitors. Some bot herders rent or sell infected
machines on underground markets to other cyber criminals looking
to engage in a wide variety of activities including credit card
theft and attacks on government websites.
The Citadel software disables anti-virus programs on
infected PCs so they cannot detect malicious software. It
surfaced in early 2012 and is sold over the Internet in kits
that cost $2,400 or more.