Microsoft this week revealed that its recent efforts to disrupt the Citadel botnet were successful, with more than 2 million PCs freed from the clutches of malicious hackers. The botnet is responsible for over $500 million in damages, mostly through the use of keystroke recorders that helped the hackers gain access to users’ banking and other online account information.
“We definitely have liberated at least 2 million PCs globally,” Richard Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, told Reuters this week. “That is a conservative estimate.” Most of those machines are in the United States, Europe, and Hong Kong, which map to the top three locales affected by the botnet.
Microsoft announced earlier this month that it had worked with the FBI and other federal and international law enforcement agencies to disrupt the massive Citadel botnet operation, which it said affected about 5 million people. The operation marked the first time in history that law enforcement and the private sector worked in concert to execute a civil seizure warrant as part of a botnet disruption operation.
At its peak, Citadel comprised about 1,400 separate computer networks, called botnets, that controlled infected PCs remotely. The malicious software was distributed both electronically and bundled with pirated versions of Windows, Microsoft said. The malware disabled antivirus software on each infected PC, leaving the machine open to remote control. In disrupting the botnet, Microsoft and more than 80 law enforcement agencies essentially severed the connections between the botnets' command servers and those PCs.
“It was a very, very successful disruptive action,” Boscovich said. “We feel confident that we really got most of the ones that we were after.”
Boscovich also fingered the ringleader of the botnet for the first time, an “eastern European” who goes by the alias Aquabox. Aquabox and dozens of other botnet operators remain at large, and law enforcement is working to uncover their true identities and locate them.