Microsoft and the FBI Orchestrate Massive Takedown of 1,462 Citadel Botnets

Microsoft has just published details of how it successfully disrupted about 1,462 Citadel botnets through a collaboration between several private-sector organizations and the US Federal Bureau of Investigation (FBI).

The Citadel botnet has been a well-known threat made up of a massive number of compromised or infected computers, all waiting to receive and carry out malicious instructions from a command-and-control server. What sets Citadel apart is that it is bundled within a crimeware kit, making it easy for cybercrooks to lease or buy and use as a universal system for building their own massive botnet bent on causing destruction. In this respect it is similar to other popular crimeware kits such as the Blackhole Exploit Kit, and its origins can be traced back to the Conficker plague.

The days when cybercrooks needed to know how to build their own malware in order to attack others on a large scale have come and gone. With the introduction of botnet tools like Citadel, compromising a large group of computers to form a botnet has become a relatively simple task. Fortunately, the combined forces of Microsoft, the FBI, and other private-sector organizations have prevailed in taking down Citadel.

The takedown of Citadel is not the complete demise of the massive botnet, but rather a major stumbling block for the malware-infected systems that make it up. Like other popular botnet threats, most of the infected systems within the Citadel botnet rely on one or more command-and-control (C&C) servers. These servers dish out instructions that tell the infected systems what to do next.

The C&C servers are what ultimately gave Microsoft and the FBI the foothold they needed to disrupt Citadel. Identifying and tracing C&C servers is an essential part of putting a stop to botnets. Because the bots, the compromised and infected computers, rely entirely on these servers for instructions before they do anything malicious, the servers provide a gateway for authorities to pick a botnet apart.

Microsoft and the FBI dismantled Citadel by locating the C&C servers and going after them directly. To assist with this daunting task, Microsoft enlisted Computer Emergency Response Teams (CERTs) in other countries to act directly against Citadel C&C servers. Additionally, two hosting companies in New Jersey and Pennsylvania that provided services to some of the Citadel C&C servers were on the authorities' radar.

The takedown, or at least the initial orchestration of taking down Citadel, was an intensive effort led by the FBI and Microsoft. Such an accomplishment, on which we proudly congratulate Microsoft, is evidence that cybercrooks do not always have the upper hand in flooding our virtual Internet gates with cyberwarfare and advanced malware threats.
