Microsoft's Digital Crimes Unit has been making major efforts to shut down a number of criminal botnets over the last few years, which most recently included the Bamital servers. Late on Wednesday, Microsoft announced it participated in what it called its "most aggressive botnet operation to date."
Microsoft announced that it filed a civil lawsuit last week, alongside a number of financial services leaders and other industry partners, to go after over 1,400 Citadel botnets. Working with the FBI and US Marshals, Microsoft executed raids on computer servers located in New Jersey and Pennsylvania, and seized evidence from those servers.
Like other criminal botnets, the ones that were part of the Citadel operation infected PCs with malware all over the world. The malware recorded the keystrokes of infected users, enabling the people in charge of the Citadel botnet to learn passwords that gave them access to online accounts, including bank accounts.
Microsoft's press release states:
Microsoft also found that in addition to being responsible for more than half a billion dollars (USD) in losses among people and businesses worldwide, the Citadel malware has affected upwards of five million people, with some of the highest numbers of infections appearing in the U.S., Europe, Hong Kong, Singapore, India, and Australia. Citadel is a global threat that is believed to have already infected victims in more than ninety countries worldwide since its inception.
In a related blog post, Richard Domingues Boscovich, the Assistant General Counsel for Microsoft's Digital Crimes Unit, states that during their investigation of this latest botnet case, they found that the criminals in charge had altered their methods to help their cause. He states:
For instance, during our investigation we found that Citadel blocked victims’ access to many legitimate anti-virus/anti-malware sites, making it so people may not have been able to easily remove this threat from their computer. However, with the disruptive action, victims should now be able to access these previously blocked sites.
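The blog post says Citadel blocked access to anti-virus sites but does not say how. The script below is an added example, not code from the article or from Microsoft; it assumes one common way malware does this, pinning security-vendor hostnames in the local hosts file to a loopback, unspecified or foreign address, and audits a hosts file for such entries. The vendor watchlist and the sample hosts file are constructed for illustration.

```python
"""Audit a hosts file for entries that block or redirect security-vendor sites.

Added example (assumption: the malware tampers with the hosts file). A legitimate
hosts file has no reason to override public DNS for anti-virus vendors, so any
pin of a watched domain is reported, with loopback/0.0.0.0 pins classified as
blocking and other addresses as possible impersonation.
"""
import ipaddress

# Constructed watchlist of well-known security/update domains; extend as needed.
WATCHLIST = (
    "microsoft.com", "windowsupdate.com", "symantec.com", "mcafee.com",
    "kaspersky.com", "sophos.com", "eset.com", "avast.com", "malwarebytes.com",
)

# Constructed sample hosts file: benign entries plus two suspicious pins.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.10    intranet.example.local   # legitimate internal pin
127.0.0.1       www.symantec.com update.symantec.com
0.0.0.0         download.eset.com
"""


def _is_watched(hostname: str, watchlist) -> bool:
    """True if hostname equals, or is a subdomain of, a watched domain."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)


def find_pinned_security_sites(hosts_text: str, watchlist=WATCHLIST):
    """Return [(line_no, ip, hostname)] for every watched hostname pinned in hosts_text."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a valid hosts entry; ignore
        for hostname in fields[1:]:
            if _is_watched(hostname, watchlist):
                findings.append((line_no, str(ip), hostname.lower()))
    return findings


def classify(ip: str) -> str:
    """Distinguish a sinkhole pin (site made unreachable) from a redirect elsewhere."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_unspecified:
        return "blocked (pinned to local host)"
    return "redirected (possible impersonation)"


if __name__ == "__main__":
    for line_no, ip, host in find_pinned_security_sites(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}: {classify(ip)}")
```

To audit a real machine, read `C:\Windows\System32\drivers\etc\hosts` (or `/etc/hosts`) into `find_pinned_security_sites` instead of the constructed sample; any hit warrants cleaning the machine from known-good media rather than from the infected system, since the same malware that blocks vendor sites can also interfere with the tools downloaded from them.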
Microsoft admits that, due to the sheer size of this botnet, it does not expect to completely shut down its operations. However, it adds that this week's raids "will significantly disrupt the botnets’ operation, making it riskier and more expensive for the cybercriminals to continue doing business and allowing victims to free their computers from the malware."