Microsoft FBI Take Down 500M Botnet
June 6, 2013

Microsoft And FBI Team Up To Take Down $500M Botnet Scam

Michael Harper for — Your Universe Online

Microsoft's Digital Crimes Unit (MDCU) has taken down another large botnet which was responsible for stealing more than $500 million from infected users. Working again with the FBI, the MDCU was able to take down at least 1,000 Citadel botnets, with only another 400 estimated remaining. The botnets have been infecting computers and stealing from bank accounts for the past 18 months. Some 5 million computers were thought to be under the control of these botnets, giving the malicious network access to accounts from American Express, Bank of America, Credit Suisse, PayPal, the Royal Bank of Canada and Wells Fargo.

The criminals responsible for creating and maintaining these botnets have not yet been found, but MDCU spokesman Richard Boscovich said the power of their network has been greatly reduced.

"The bad guys will feel the punch in the gut," Boscovich told BBC News.

Boscovich also praised the cooperation between his team and the FBI, saying this kind of operation “serves as a real world example of how public-private cooperation can work effectively within the judicial system.”

Microsoft has called this their most aggressive botnet operation to date, and considering the size of the Citadel botnets, it's easy to understand why. Though they went into the operation understanding they wouldn't be able to take down every network, they were pleased with the outcome of the attack. Many PC users infected with the Citadel botnet may not have even been aware that they were under attack. The malware used to enlist a machine into the botnet also blocked access to legitimate anti-virus and anti-malware sites, thereby ensuring it would remain safely on the computer.

The MDCU traced the botnet back to piracy, saying the cybercriminals building the malicious network used key generators to unlock outdated copies of Windows XP. These key generators are often used when pirating software or operating systems, producing a digital "key" to unlock the software and fool the servers into believing a legitimate copy is being used. In a blog post, Boscovich took the opportunity to first point out that newer versions of Windows aren't so easily duped and are able to prevent this type of misuse of product keys.

"This discovery showcases that, in addition to exercising safe online practices like running updated and legitimate software and using firewall and antivirus protection, people also need to use modern versions of Windows software to better prevent malware, fraud and identity theft," wrote Boscovich.

While the MDCU handled the tech side of the takedown, the FBI is now looking for the parties responsible for building these Citadel botnets, working together with Europol and other global authorities to bring these criminals to justice.

"We are upping the game in our level of commitment in going after botnet creators and distributors," said Richard McFeely, the FBI's assistant executive director.

"This is a more concerted effort to engage our foreign partners to assist us in identifying, locating and, if we can, get US criminal process on these botnet creators and distributors."

This is the seventh botnet takedown executed by the MDCU and the second so far this year. In February, the crimes unit, in tandem with Symantec, brought down the smaller Bamital botnet. This network first enlisted machines, then guided users to malicious sites to steal their banking and other personal information as well as to generate fake advertising clicks. The Bamital botnet was estimated to have stolen some $1 million a year from its victims.