Slashdot Mirror


Microsoft, FBI Takedown Citadel Botnet

hypnosec writes "Microsoft, in collaboration with the FBI, has successfully taken down the Citadel botnet, which was known to control millions of PCs across the globe and was allegedly responsible for bank fraud in excess of $500 million. Citadel was known to have over 1,400 instances across the globe, with most located in the US, Europe, India, China, Hong Kong and Singapore. It would install key-logging tools on target systems, which were then used to steal online banking credentials."

8 of 58 comments

  1. Windows update by jader3rd · · Score: 4, Interesting

    The FBI should use the C&C servers to force the machines to run Windows Update and clean the machines of the virus. The users obviously don't want to take care of their own machine, and if something goes wrong they'll know that they had a virus.

    1. Re:Windows update by Flere+Imsaho · · Score: 3, Insightful

      Never mind what they should do, what are they doing, now they have a back door into all these PCs?

      --
      It gripped her hand gently. 'Regret is for humans,' it said.
  2. Re:$500 Million by Fluffeh · · Score: 4, Informative

    I don't think that "instance" means infected machine here. I would say likely it would be some sort of control node of the botnet. If you have many control nodes, it is much harder to take control of the botnet as a whole.

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  3. Re:Great start but by Anonymous Coward · · Score: 2, Funny

    Please mod the parent down as much as possible. This has absolutely nothing to do with the topic at hand.

    He's probably also one of those Tea Party terrorist faggots that think the government should serve the people instead of the other way around. Fuck him. Get his post down to -2 and delete it ASAP.

  4. Microsoft support should call them by Anonymous Coward · · Score: 2, Funny

    on the phone and lead them thru the process of cleaning up their infected machine.

    That worked perfectly when they called me :-)

  5. Re:$500 Million by benyacrick · · Score: 4, Interesting

    Exactly! The number refers to Command & Control (C2) servers worldwide. In fact, Citadel has three types of C2 server: Binary for the actual malware, Config for the configuration file (e.g., a list of targets), and Drop for the stolen data.

    Lots of good info at the ZeuS Tracker:
    https://zeustracker.abuse.ch/faq.php

  6. Re:This is just a decoy... by DeathElk · · Score: 3, Informative

    I'm not sure of the validity of your claims on margarine, so references would have been nice. However, I used to drive past a margarine factory in Sydney most evenings and the smell coming out of that place has ensured I will never consciously eat margarine.

  7. Re:This is just a decoy... by Adambomb · · Score: 3, Funny

    Hell, that's nothing, Dihydrogen Monoxide is only one ATOM away from being a substance known to cause a condition called Black Hairy Tongue as well as abdominal pains, vomiting, and diarrhea!

    --
    Ice Cream has no bones.