More than a thousand botnets running the Citadel banking malware, earning the operators over $500 million, have been disrupted as a result of a collaborative investigation involving Microsoft and the FBI.
But security experts believe Citadel, one of the most prevalent pieces of financial malware, will continue to cause plenty of strife for online bankers.
Microsoft said upwards of five million people have been affected by Citadel, which carries out keylogging on victims’ machines to pick up bank account logins.
Microsoft, accompanied by law enforcement marshals, seized computer servers from two data hosting facilities in New Jersey and Pennsylvania on 5 June.
International Computer Emergency Response Teams (CERTs) have been informed of the action and “could take action at their discretion on additional command and control infrastructure for the botnets located outside of the US”.
Microsoft admitted the action won’t kill off Citadel, due to the “size and complexity of the threat”. “However, it is expected that this action will significantly disrupt the botnets’ operation, making it riskier and more expensive for the cyber criminals to continue doing business and allowing victims to free their computers from the malware,” it said.
Others agree Citadel, which is based off the better-known Zeus malware, will carry on stealing money from banks. Jason Steer, EMEA product manager at security firm FireEye, told TechWeekEurope the Citadel code “will simply move from one place to another, temporarily reducing the threat from this variant”.
“The worry is that there are hundreds, if not thousands, of other Citadel and Zeus variants in the wild and so the threat posed to online banking users is only marginally reduced by this takedown,” Steer added.
“Today, hackers using sophisticated malware to execute APT attacks are able to maintain their presence through more advanced means.
“For instance, we are now seeing evidence of C&C servers on high-profile public forums such as Google+, Twitter and Yahoo, which means that takedowns of this nature are very difficult to achieve.”
Rik Ferguson, director of security research and communication for Trend Micro, added: “I have seen headlines along the lines of ‘cyber crime ring takedown’ and that is definitely not what this is. Citadel is commercial off-the-shelf malware, an offshoot of the ZeuS source code. So whilst the removal of criminal infrastructure is a good thing, it certainly isn’t an end to Citadel or even the criminals behind this specific operation.”
What do you know about Internet security? Find out with our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…