Several days ago, the media reported that Microsoft had taken over the Citadel botnet, which is said to have caused losses of more than $500 million (approx. EUR 380 million) over the past year and a half. According to Microsoft, online criminals infected more than five million computers worldwide with Citadel, targeting banks and financial institutions.

Administration Panel: Citadel Builder

Once installed, Citadel steals banking information and enables identity theft. By sending keystrokes to the botnet operator or by using man-in-the-browser techniques, the cyber criminals try to gain access to online accounts or to manipulate payment transactions directly. Additionally, Citadel blocks antivirus programs and their update functionality to prevent users from cleaning up the infected computers.

Botnet Takedown B54: a Microsoft PR campaign?

However, although the FBI was involved, no perpetrators were caught. Moreover, security expert Roman Hüssy complains about the measures taken by Microsoft and calls them “collateral damage for the security industry”: at least one quarter of the seized domain names had been taken over a long time before by security companies, and had since then been used to notify infected end users via their ISPs. But now, they are gone!

Whether Microsoft will roll out a new version of its “Malicious Software Removal Tool” on the next Patch Day remains open for the moment, as does the question of whether this will apply to all affected customers, too.

How can I check if my PC is infected with Citadel? What should I do?

  • Scan your computer with HitmanPro. The free-to-use removal tool will detect Citadel and remove it. The tool also takes care of the installed antivirus tool and re-activates it.
  • Please check whether your browsers and their plugins are up to date. An easy-to-use Online Check will assist you. CSIS Heimdal Security Agent is a perfect extension to do this automatically and on a regular basis!