Microsoft, FBI Takedown Citadel Botnet
hypnosec writes "Microsoft, in collaboration with the FBI, has successfully taken down the Citadel botnet, which was known to control millions of PCs across the globe and was allegedly responsible for bank fraud in excess of $500 million. Citadel was known to have over 1,400 instances across the globe, with most located in the US, Europe, India, China, Hong Kong and Singapore. It would install key-logging tools on target systems, which were then used to steal online banking credentials."
Re:$500 Million (Score:5, Informative)
I don't think that "instance" means infected machine here. I would say likely it would be some sort of control node of the botnet. If you have many control nodes, it is much harder to take control of the botnet as a whole.
Re:$500 Million (Score:4, Interesting)
Lots of good info at the ZeuS Tracker:
https://zeustracker.abuse.ch/faq.php
Re: (Score:1)
TFA says "... which was known to control millions of PCs across the globe"
I know, read TFA - what's wrong with me?
Great start but (Score:1, Informative)
Call me when they take down the bankers who have illegally laundered trillions of dollars in the LIBOR scandal.
Re: (Score:2, Funny)
Please mod the parent down as much as possible. This has absolutely nothing to do with the topic at hand.
He's probably also one of those Tea Party terrorist faggots that think the government should serve the people instead of the other way around. Fuck him. Get his post down to -2 and delete it ASAP.
Re: (Score:1)
Call me when they take down the slashthinkers who don't do anything useful themselves but feel free to denigrate those who do.
Re: (Score:1)
Face it: the kind of abuse we've come to expect from our Progressive Overlords doesn't come cheap.
Re: (Score:1)
Tuesday was two days ago.
Re: (Score:1)
Shouldn't you? Kind of jumping the gun, no?
Windows update (Score:5, Interesting)
Microsoft support should call them (Score:2, Funny)
on the phone and lead them through the process of cleaning up their infected machine.
That worked perfectly when they called me :-)
Re: (Score:3, Insightful)
Never mind what they should do, what are they doing, now they have a back door into all these PCs?
Re: (Score:2)
While these "successful takedowns" are great PR, the dirty secret is that by only taking down the C&C servers, the zombie machines just end up under different servers. MS has no issue applying updates without user permission to healthy PCs, so why not clean these infected ones? That would actually do some long-term damage to these botnets.
Re:This is just a decoy... (Score:4, Funny)
Hell, that's nothing. Dihydrogen Monoxide is only one ATOM away from being a substance known to cause a condition called Black Hairy Tongue, as well as abdominal pains, vomiting, and diarrhea!
Re:This is just a decoy... (Score:4, Informative)
I'm not sure of the validity of your claims on margarine, so references would have been nice. However I used to drive past a margarine factory in Sydney most evenings and the smell coming out of that place has ensured I will never consciously eat margarine.
Re: (Score:2)
Margarine is but ONE MOLECULE away from being PLASTIC...
That's true. In much the same way that pure water is but ONE MOLECULE away from being SULFURIC ACID.
It would install key-logging tools on target syste (Score:2)
On *Windows* target systems, you mean.
Re: It would install key-logging tools on target s (Score:2)
Sorry, do you think key loggers are impossible on Linux or something?
Re: (Score:2)
"Sorry, do you think key loggers are impossible on Linux or something?"
No. I'm simply stating that this specific key-logger is focused on Windows systems.
For platform-specific malware, I think it would be good to always mention which platforms it affects.
Re: (Score:1)
There's an android malware discussion one article up on the front page which would benefit from your pointed and unbiased opinion. I will wait patiently for your post.
Re: (Score:1)
A car made by GM probably will explode if attacked by hostile parties.
So $500 mil taken (Score:2)
out of the banks' hands and put right back into the economy by the perps. Nothing to see, move along....
On whose authority? (Score:2)
It seems I'm the only one who questions such things, but:
On whose authority was this action pursued?
Since when does the FBI or MSFT or RIAA or MPAA or North Korea or Anonymous or [etc] have a right to diddle with others computers?
What gives them (for any incarnation of "them") the authority to modify privately-owned computers?
If it's for the indiscriminate greater good, then that seems more like military action...which I don't think the FBI is authorized to deal with, and certainly not any private US-based
Re: (Score:2)
Where has authority been assumed? The way botnets are taken down is the control nodes are eliminated, not that the infected machines are cleaned - in this case, the control servers may be gone but the end user machines are still infected, they just have nothing controlling them anymore.
The FBI and Microsoft get warrants and court authority which allow them to seize and control digital assets that disrupt the control nodes, such as domain names, hosting space, IP routes, servers etc. - they never touch the
Re: (Score:2)
Who owns the control nodes? Who determines whether or not they are end-user machines?
What authority do they have to disrupt them?
(Also: In the US, corporations may not petition for warrants. If you think otherwise, I'm done with this conversation with you.)
Re: (Score:2)
Who gives a fuck whether they are end user machines or not, they are control nodes and that is enough to target them.
And I never said Microsoft on their own petitioned for a warrant; that's why they involved the FBI and that's why I said "the FBI and Microsoft...".
And it just so happens that the court gives them the authority to disrupt them. Obviously.
Re: (Score:2)
What court?
What warrant?
Who?
(No, it's not obvious.)
Re: (Score:2)
These rules you specify, even if they weren't related directly to RF, still would not apply: Purposefully fucking up servers != "accepting interference from other sources".
It is, and remains, illegal to intentionally interfere with communications. Or private property in general. In the US. Today. As we speak.
Otherwise, I still expect a law and/or a citeable court order specifically allowing such action, which may or may not involve foreign nationals and their belongings.
From your friendly neighbourhood grammar nazi (Score:2)
Takedown is a noun.
Take down is the phrasal verb your title is looking for.