Twelve days after Microsoft announced the take down of approximately 1000 botnets running the Citadel botnet software, Security researchers debate whether Microsoft’s actions were effective in slowing down the banking malware. There are still at least 400 active Citadel botnets on the Internet. In fact, if you enter “citadel zeus” into Google Search you will see around the 4th search result a product page for the Citadel crime kit complete with a list of features, a promise of customer support, and a price (2,399.00). And according to Microsoft, Citadel has infected as many as 5 million PCs around the world, and is used to steal from users banks including American Express, Bank of America, Citigroup, Credit Suisse, eBay’s PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo. The Citadel software disables anti-virus programs on infected PCs so they cannot detect malicious software. This means that if your PC was infected by Citadel it may still be despite the takedown of 1000 Citadel servers. It also means that your PC has been exposed to other infections because your anti-virus program has been compromised. What I want to know is – is my PC infected with Citadel? Microsoft says it is working with Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) around the world to quickly and efficiently clean as many computers as possible. It can do this by identifying the IP address of the PC that has a Citadel virus contacting a server that is now controlled by Microsoft, and it can communicate that IP address back to the ISP or CERT that controls that corresponding block of IPs
Posted on: Thu, 27 Jun 2013 22:22:48 +0000
Trending Topics
Recently Viewed Topics
© 2015