More than a thousand botnets running the Citadel banking malware, earning the operators over $500 million, have been disrupted as a result of a collaborative investigation involving Microsoft and the FBI.
But security experts believe Citadel, one of the most prevalent pieces of financial malware, will continue to cause plenty of strife for online bankers.
Microsoft said upwards of five million people have been affected by Citadel, which carries out keylogging on victims’ machines to pick up bank account logins.
Microsoft, accompanied by law enforcement marshals, seized computer servers from two data hosting facilities in New Jersey and Pennsylvania on 5 June.
International Computer Emergency Response Teams (CERTs) have been informed of the action and “could take action at their discretion on additional command and control infrastructure for the botnets located outside of the US”.
Microsoft admitted the action won’t kill off Citadel, due to the “size and complexity of the threat”. “However, it is expected that this action will significantly disrupt the botnets’ operation, making it riskier and more expensive for the cyber criminals to continue doing business and allowing victims to free their computers from the malware,” it said.
Others agree Citadel, which is based off the better-known Zeus malware, will carry on stealing money from banks. Jason Steer, EMEA product manager at security firm FireEye, told TechWeekEurope the Citadel code “will simply move from one place to another, temporarily reducing the threat from this variant”.
“The worry is that there are hundreds, if not thousands, of other Citadel and Zeus variants in the wild and so the threat posed to online banking users is only marginally reduced by this takedown,” Steer added.
“Today, hackers using sophisticated malware to execute APT attacks are able to maintain their presence through more advanced means.
“For instance, we are now seeing evidence of C&C servers on high-profile public forums such as Google+, Twitter and Yahoo, which means that takedowns of this nature are very difficult to achieve.”
Rik Ferguson, director of security research and communication for Trend Micro, added: “I have seen headlines along the lines of ‘cyber crime ring takedown’ and that is definitely not what this is. Citadel is commercial off-the-shelf malware, an offshoot of the ZeuS source code. So whilst the removal of criminal infrastructure is a good thing, it certainly isn’t an end to Citadel or even the criminals behind this specific operation.”
What do you know about Internet security? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…