In a coordinated takedown with the FBI and financial institutions, Microsoft on Wednesday dealt a powerful blow to an online fraud syndicate that siphoned more than $500 million out of bank accounts all over the world.
The takedown, dubbed Operation b54, disrupted more than 1,400 botnets based on Citadel, a powerful piece of banking malware available for sale in underground forums. Citadel has been in existence since 2011 and is based on leaked source code from the Zeus banking trojan. Citadel provides criminals with most of what they need to engage in widespread banking fraud, including exploits for infecting end users, keyloggers for stealing those end users' bank passwords, and backend code for running the command-and-control servers that issue malware updates and receive login credentials from infected computers.
Microsoft used civil seizure orders issued by a federal judge in North Carolina to simultaneously cut off communications between 1,462 Citadel botnets and the infected computers that reported to them. The company also filed suit against a currently unknown operator under the name of Aquabox who is suspected to be connected with one or more of the botnets.