Microsoft teams up with the FBI to disrupt massive Citadel botnet ring

Blue LEDs on servers indicate all is well

In the world of botnets, Microsoft is taking no prisoners.

The company announced today that it, working alongside the FBI, has disrupted Citadel, a botnet network responsible for at least $500 million in losses. Microsoft says this is the first time that law enforcement and a private sector company have worked together to seize servers suspected of running botnet operations.

For the uninitiated: A botnet is a network of hijacked computers working together to achieve a similar, usually nefarious, end. Citadel, which infected computers via compromised Windows XP product key generators, was used to log keystrokes, giving the attackers access to data like victims’ bank account information. Microsoft also found that the malware blocked victims from running anti-virus software, making matters worse.

Microsoft said that its seizure, dubbed operation b54, disrupted an estimated 1,400 Citadel botnets, meaning that, while the botnet ring is still running, Microsoft is almost certainly making it harder for the bad guys to run their business. (The company says that it doesn’t expect to fully destroy the operation.)

This isn’t the first time Microsoft has gone after botnets. Last year, the company helped disrupt ZeuS, a botnet ring responsible for over half a billion dollars in damages. The company also helped take down the Waledac, Rustock and Kelihos botnet networks, among others.

Of course, the easy joke to make here is that Microsoft is only helping fix a problem that it itself has had a hand in creating. After all, botnet malware only exploits security holes that already exist, and Windows is full of them. Still, in Microsoft’s defense, the company has been trying for years, largely in vain, to get stubborn Windows XP users to upgrade to more secure versions of Windows. Microsoft digital counsel Richard Domingues Boscovich managed to not-so-subtly allude to this fact in the blog post announcing the news:

This discovery showcases that, in addition to exercising safe online practices like running updated and legitimate software and using firewall and antivirus protection, people also need to use modern versions of Windows software to better prevent malware, fraud and identity theft.

The message here is, I guess, simple: If you don’t want to be part of a massive money-stealing botnet, don’t run outdated versions of Windows. Or at least be a smarter pirate.