By Reuters and Shona Ghosh
Posted on 19 Jun 2013 at 09:46
Microsoft said it has freed two million PCs from a criminal botnet that stole more than $500 million from global bank accounts.
"We definitely have liberated at least two million PCs globally. That is a conservative estimate," said the firm's assistant general counsel for its digital crimes unit, Richard Domingues Boscovich.
He said the vast majority of infected machines were in the US, Europe and Hong Kong.
Microsoft and the FBI, aided by authorities in more than 80 countries, sought to take down 1,400 malicious computer networks, known as the Citadel botnets, by severing their access to infected machines.
Microsoft's digital crimes unit is working with its partners overseas to determine exactly how many botnets are still operational.
"We feel confident that we really got most of the ones that we were after," he said. "It was a very, very successful disruptive action."
The ringleader, who goes by the alias Aquabox, and dozens of botnet operators remain at large and the authorities are working to uncover their identities. Boscovich said he suspects Aquabox is in Eastern Europe.
Crime ring
The botnets, which were run from command-and-control servers at data hosting centres around the world, were used to steal from hundreds of financial institutions, according to court documents that Microsoft filed to get permission to shut down servers in the United States that were being used to run the operation.
Data centre operators typically are not aware that their servers are being used to run botnets.
The ring targeted firms of all sizes, from tiny credit unions to global banks such as Bank of America, Credit Suisse, HSBC and Royal Bank of Canada.
Citadel is one of the biggest botnets in operation today. Microsoft said its creator bundled the software with pirated versions of the Windows operating system. It disables antivirus programs on infected PCs so they cannot detect malicious software. It surfaced in early 2012 and is sold over the internet in kits that cost $2,400 or more.
The FBI declined to comment on the progress of its investigation of Citadel, but said it's working closely with Europol and other overseas authorities to capture the unknown criminals.
Collateral damage
Earlier this month, security researchers criticised Microsoft's takedown methods, suggesting that the firm's "sinkholing" efforts were both ineffective and caused collateral damage.
According to Swiss security researchers abuse.ch, Microsoft's aggressive shutdown of the botnet's command-and-control centres affected servers belonging to security firms, which were used to notify system administrators that they had infected computers on their network.
"Microsoft seized not only malicious domain names operated by cybercriminals to control computers infected with Citadel, but also Citadel botnet domain names that had already been sinkholed by abuse.ch a while ago," said the company.
Researchers at Sophos compared their own list of command-and-control servers with one published by Microsoft.
"Worryingly, [we] found that 51% of the 72 domains analysed did not appear in Microsoft's published list. A more worrying 20% of the Citadel domains were on Microsoft's list but were not ending up at the sinkhole," said the firm. "This implies either that the sinkholing was unsuccessful or that the domains have already been re-appropriated by the Citadel botnet owners."
Source: http://www.pcpro.co.uk/news/382516/microsoft-frees-two-million-pcs-from-botnet