Microsoft, FBI Takedown Citadel Botnet

samzenpus posted about a year ago | from the take-it-down dept.

Security 58

hypnosec writes "Microsoft, in collaboration with the FBI, has successfully taken down the Citadel botnet, which was known to control millions of PCs across the globe and was allegedly responsible for bank fraud in excess of $500 million. Citadel was known to have over 1,400 instances across the globe with most located in the US, Europe, India, China, Hong Kong and Singapore. It would install key-logging tools on target systems, which were then used to steal online banking credentials."

58 comments

I wiggle my ass! (-1)

Anonymous Coward | about a year ago | (#43930921)

I'm wigglin' my ass! So, who wants my ass to become a spaghetti noodle?

$500 Million (0)

Anonymous Coward | about a year ago | (#43930929)

Wait what? That's over $350k per machine. Are the numbers screwed up here or is this just part of the NSA slush fund to build data centers?

Re:$500 Million (4, Informative)

Fluffeh (1273756) | about a year ago | (#43930985)

I don't think that "instance" means infected machine here. I would say likely it would be some sort of control node of the botnet. If you have many control nodes, it is much harder to take control of the botnet as a whole.

Re:$500 Million (4, Interesting)

benyacrick (2741881) | about a year ago | (#43931229)

Exactly! The number refers to Command & Control (C2) servers worldwide. In fact, Citadel has three types of C2 server: Binary for the actual malware, Config for the configuration file (e.g. a list of targets), and Drop for the stolen data.

Lots of good info at the ZeuS Tracker:
https://zeustracker.abuse.ch/faq.php [abuse.ch]

Re:$500 Million (1)

Flere Imsaho (786612) | about a year ago | (#43931487)

TFA says "... which was known to control millions of PCs across the globe"

I know, read TFA - what's wrong with me?

Take Down (-1)

Anonymous Coward | about a year ago | (#43930931)

Take Down

Re: Take Down (0)

Anonymous Coward | about a year ago | (#43931113)

Quite right. People who lack the self respect to spell correctly don't deserve to be published.

Great start but (1, Informative)

Anonymous Coward | about a year ago | (#43930951)

Call me when they take down the bankers who have illegally laundered trillions of dollars in the LIBOR scandal.

Re:Great start but (2, Funny)

Anonymous Coward | about a year ago | (#43931075)

Please mod the parent down as much as possible. This has absolutely nothing to do with the topic at hand.

He's probably also one of those Tea Party terrorist faggots that think the government should serve the people instead of the other way around. Fuck him. Get his post down to -2 and delete it ASAP.

Re:Great start but (0, Offtopic)

Anonymous Coward | about a year ago | (#43931199)

Who modded this down? I thought /. would grok _irony_

Re:Great start but (0)

Anonymous Coward | about a year ago | (#43934999)

Irrelevant irony is still irrelevant.

Re:Great start but (0)

murdocj (543661) | about a year ago | (#43931685)

Call me when they take down the slashthinkers who don't do anything useful themselves but feel free to denigrate those who do.

Re:Great start but (1)

Chickenlips (33524) | about a year ago | (#43931897)

You're sticking up for bankers who knowingly help criminals profit from their illegal activities, making them criminals, too?

Re:Great start but (1)

smitty_one_each (243267) | about a year ago | (#43932153)

In defense of those bankers, it costs an awful lot to keep those politicians bought.
Face it: the kind of abuse we've come to expect from our Progressive Overlords doesn't come cheap.

Windows update (4, Interesting)

jader3rd (2222716) | about a year ago | (#43930959)

The FBI should use the C&C servers to force the machines to run Windows Update and clean the machines of the virus. The users obviously don't want to take care of their own machine, and if something goes wrong they'll know that they had a virus.

Re:Windows update (-1)

Anonymous Coward | about a year ago | (#43931141)

Whoa! Hold on there cowboy!

There are more botnets out there and these "take downs" are a PR goldmine. Let's not try to fix the world overnight OK?

Microsoft support should call them (2, Funny)

Anonymous Coward | about a year ago | (#43931191)

on the phone and lead them thru the process of cleaning up their infected machine.

That worked perfectly when they called me :-)

Re:Windows update (3, Insightful)

Flere Imsaho (786612) | about a year ago | (#43931477)

Never mind what they should do, what are they doing, now they have a back door into all these PCs?

Re:Windows update (1)

slacka (713188) | about a year ago | (#43934297)

While these "successful takedowns" are great PR, the dirty secret is that by only taking down the C&C servers, the zombie machines just end up under different servers. MS has no issue applying updates without user permission to healthy PCs, so why not clean these infected ones? That would actually do some long term damage to these bot nets.

This is just a decoy... (-1)

Anonymous Coward | about a year ago | (#43931009)

The real botnet is being operated by Microsoft itself. How better to get everyone's personal information than by having your entire operating system be a huge pile of spy software?

The real reason there are so many viruses and bits of spyware on Windows is because the OS itself was programmed (throughout its many incarnations) to spy on its users, and the hackers are merely writing programs that enable those functions. Functions that already exist within the OS! Functions that were put there at the request of various elements of the United States government!

Does nobody else find it fishy that the ruling in the United States vs. Microsoft case (involving antitrust back in 2000) was overturned shortly afterwards?

And on an unrelated note, FYI:

Margarine was originally manufactured to fatten turkeys. When it killed the turkeys, the people who had put all the money into the research wanted a payback so they put their heads together to figure out what to do with this product to get their money back.
It was a white substance with no food appeal so they added the yellow coloring and sold it to people to use in place of butter. How do you like it? They have come out with some clever new flavorings....

DO YOU KNOW.. The difference between margarine and butter?

Both have the same amount of calories.

Butter is slightly higher in saturated fats at 8 grams; compared to 5 grams for margarine.

Eating margarine can increase heart disease in women by 53% over eating the same amount of butter, according to a recent Harvard Medical Study.

Eating butter increases the absorption of many other nutrients in other foods.
Butter has many nutritional benefits where margarine has a few and only because they are added.
Butter tastes much better than margarine and it can enhance the flavors of other foods.

Butter has been around for centuries where margarine has been around for less than 100 years.

And now, for Margarine..
Very High in Trans fatty acids.
Triples risk of coronary heart disease ...
Increases total cholesterol and LDL (this is the bad cholesterol) and lowers HDL cholesterol, (the good cholesterol)

Increases the risk of cancers up to five times..

Lowers quality of breast milk

Decreases immune response.

Decreases insulin response.

And here's the most disturbing fact...

Margarine is but ONE MOLECULE away from being PLASTIC... and shares 27 ingredients with PAINT

These facts alone were enough to have me avoiding margarine for life and anything else that is hydrogenated (this means hydrogen is added, changing the molecular structure of the substance).

Open a tub of margarine and leave it open in your garage or shaded area. Within a couple of days you will notice a couple of things:

* no flies, not even those pesky fruit flies will go near it (that should tell you something)

* it does not rot or smell differently because it has no value; nothing will grow on it. Even those teeny weeny micro-organisms will not find a home to grow. Why? Because it is nearly plastic. Would you melt your Tupperware and spread that on your toast?

Re:This is just a decoy... (1)

byornski (1022169) | about a year ago | (#43931305)

Good god; we better avoid anything that is only one molecule away from another!

Re:This is just a decoy... (3, Funny)

Adambomb (118938) | about a year ago | (#43931371)

hell that's nothing, Dihydrogen Monoxide is only one ATOM away from being a substance known [wikipedia.org] to cause a condition called Black Hairy Tongue [wikipedia.org] as well as abdominal pains, vomiting, and diarrhea!

Re:This is just a decoy... (3, Informative)

DeathElk (883654) | about a year ago | (#43931349)

I'm not sure of the validity of your claims on margarine, so references would have been nice. However I used to drive past a margarine factory in Sydney most evenings and the smell coming out of that place has ensured I will never consciously eat margarine.

Re:This is just a decoy... (0)

Anonymous Coward | about a year ago | (#43936325)

http://www.truthorfiction.com/rumors/b/butter-margarine.htm#.UbHzapyrOZE

  The Truth:

The heart of this eRumor, the comparison between butter and Margarine, has been circulating since 2005. Later versions added the tidbit about Margarine being manufactured to fatten turkeys.

We'll go through the email one fact at a time but it needs to be kept in mind that not every Margarine product is the same. There are other spreads that are loosely called Margarine but may, for example, be part vegetable oil or a fat-free Margarine product.

1. Margarine was originally manufactured to fatten turkeys. When it killed The turkeys, the people who had put all the money into the research wanted a Payback so they put their heads together to figure out what to do with this Product to get their money back. It was a white substance with no food Appeal so they added the yellow coloring and sold it to people to use in Place of butter. How do you like it? They have come out with some clever New flavorings-Fiction!
According to the National Association of Margarine Manufacturers, Margarine was the idea of a Frenchman named Hippolyte Mege-Mouriez in response to a request from Emperor Louis Napoleon for ideas for a substitute for butter. In 1869 he used margaric acid and the name of his formulation became known as Margarine. It became a hit in the United States in the late 1800's.

2. Both have the same amount of calories-Truth!
A tablespoon of butter is 100 calories. A tablespoon of Margarine is 100 calories.

3. Eating margarine can increase heart disease in women by 53% over eating the same amount of butter, according to a recent Harvard Medical Study-Truth! But Updated!
We didn't find the "53%" study, but Harvard School of Public Health has published a report on this. It says that more than 30 years ago research indicated that saturated fat (such as in butter) was bad for the heart and people were told to switch to margarine. A Harvard study of women between 1980 and 1994 found a significant reduction of heart disease risk by reducing smoking, hormone treatment, and dietary improvements including reducing or eliminating saturated fat (such as in butter.) Further research has shown, however, that some margarines contained trans fat, which was even worse for the heart than saturated fat. The report cautions us not to make decisions as a result of just one study but to consider the body of recent research about an issue like butter versus margarine.

4. Butter is slightly higher in saturated fats at 8 grams compared to 5 Grams-Truth!
A tablespoon of butter is 7g of saturated fat. A tablespoon of margarine is 2g of saturated fat.

5. Eating butter increases the absorption of many other nutrients in other Foods-Unproven!
We could not find anything definitive about this.

6. Butter has many nutritional benefits where margarine has a few only because they are added!
It depends on what you are measuring. The advantage of butter is that it is a more natural product than margarine and does have more vitamin content. But butter is high in saturated fat, which is associated with increased heart attack risk. Saturated fats are the ones that are solid at room temperature and increase the "bad" cholesterol (LDL) as well as the "good" cholesterol (HDL). The disadvantage of true margarine is the trans fat level. The more solid a margarine is at room temperature, the more trans fat it contains, as much as 3 grams per tablespoon. Margarine makers have responded to that by releasing tub or liquid products that have either reduced or eliminated trans fats. Watch for the labels. Heart doctors recommend butter over normal margarine but recommend trans fat free margarines over butter. It all gets very confusing. There are even margarine products now that say they actually lower cholesterol.

7. Butter tastes much better than margarine and it can enhance the flavors of other foods-A Matter of Personal Taste!

8. Butter has been around for centuries where margarine has been around for Less than 100 years- Fiction!
Margarine was introduced as an inexpensive alternative in France in 1869, according to a history found in the Margarine and Spreads Association in the United Kingdom.

9. Margarine is high in trans fatty acids-Truth!

10. Margarine triples the risk of coronary heart disease-Unproven!
Although trans fats are to be avoided, we did not find any research that says that the use of margarine triples the risk of heart disease.

11. Margarine increases total cholesterol and LDL (this is the bad cholesterol) and lowers HDL cholesterol, (the good cholesterol)-Truth!

12. Increases the risk of cancers up to five fold-Fiction!
We could not find any substantiation of this claim.

13. Margarine lowers quality of breast milk-Truth!
We didn't find any research on this but there are studies on how a mother's eating of trans fats affects the level of trans fats in her milk. One study, for example, comparing Canadian breast milk to Chinese breast milk found that Canadian mothers had 33 more trans fats in their milk than the Chinese mothers. So the quality of the breast milk can be affected by the consumption of trans fats.

14. Margarine decreases immune response-Truth!
We found several references to this including an article by nutritionist Dr. Mary Enig that said that consuming trans fatty acids "Affects immune response by lowering efficiency of B cell response and increasing proliferation of T cells."

15. Decreases insulin response-Truth!
Actually the trans fat can increase blood insulin levels, which increases the risk for diabetes.

16. Margarine is but ONE MOLECULE away from being PLASTIC-Fiction!
We found no support for this. Perhaps whoever wrote this heard a discussion about the "plasticity" of margarine. It is "plastic" at room temperature meaning that the shape of it can be changed when pressure is applied. That doesn't mean it is composed of what we normally think of as plastic. It was originally made of animal fats but increasingly now is made from vegetable oils.

Re:This is just a decoy... (1)

Trogre (513942) | about 10 months ago | (#43956929)

Margarine is but ONE MOLECULE away from being PLASTIC...

That's true. In much the same way that pure water is but ONE MOLECULE away from being SULFURIC ACID.

It would install key-logging tools on target syste (1)

turbidostato (878842) | about a year ago | (#43931187)

On *Windows* target systems, you mean.

Re: It would install key-logging tools on target s (1)

crdotson (224356) | about a year ago | (#43932319)

Sorry, do you think key loggers are impossible on Linux or something?

Re: It would install key-logging tools on target s (1)

turbidostato (878842) | about a year ago | (#43933197)

"Sorry, do you think key loggers are impossible on Linux or something?"

No. I'm simply stating that this specific key-logger is focused on windows systems.

For platform-specific malware it would be good to always mention which platforms it affects.

It's fantastic that Microsoft takes responsibility (-1, Troll)

OhANameWhatName (2688401) | about a year ago | (#43931363)

It's great that Microsoft is saying "It was our crumby software that allowed this botnet to spawn, we've got to do something about it". But I think we've got to be really careful about giving the company any credit for its actions. These are fundamental things which every maker of a product needs to be responsible for. If GM sold cars which exploded, they'd be taken to account. Software producers have long since gotten away with destructive negligence through the use of (often illegal) EULAs.

It's about time that the law recognised the essential nature of computers in society and the makers of such should be held to account when their product doesn't live up to expectations.

Re:It's fantastic that Microsoft takes responsibil (1)

Anonymous Coward | about a year ago | (#43931721)

There's an android malware discussion one article up on the front page which would benefit from your pointed and unbiased opinion. I will wait patiently for your post.

Re: It's fantastic that Microsoft takes responsibi (0)

Anonymous Coward | about a year ago | (#43932387)

Still waiting. Tick tock.

Re:It's fantastic that Microsoft takes responsibil (1)

gandhi_2 (1108023) | about a year ago | (#43932845)

A car made by GM probably will explode if attacked by hostile parties.

Re:It's fantastic that Microsoft takes responsibil (0)

Anonymous Coward | about a year ago | (#43935679)

Still nothing. I guess that just confirms you are a shill, the worst kind like you accuse Microsoft of employing all over this site.

Link to original MS press release (0)

Anonymous Coward | about a year ago | (#43931599)

http://www.microsoft.com/en-us/news/Press/2013/Jun13/06-05DCUPR.aspx

Now.. with better writing (than the original linked article)

Grammar Police (0)

Anonymous Coward | about a year ago | (#43931641)

I must object to the use of "Takedown" as a verb. The headline clearly should have been "Microsoft, FBI Take Down Citadel Botnet".

This issue is rampant in IT circles, in which "setup", "login", "checkout", and "shutdown" (all of which are acceptable nouns) are more commonly used as verbs than are the verb phrases from which they were constructed: "set up", "log in", "check out", and "shut down". The nouns are each composed of a verb and a preposition, and now in our laziness, we insist on using these compound words as if they were still verbs. Take a minute - a fraction of a second, actually - and insert the space character that makes them two separate words, and therefore makes them a valid verb phrase.

Some may reply that I am being uptight about this, but I usually don't make a big deal of the poor language skills (or simple carelessness) of others. Indeed, who has the time? However, I speak up in cases such as this because this sort of slop is indicative of sloppy thinking. And I should never find sloppy thinking amongst the brilliant professionals who patronize this establishment.

Re:Grammar Police (0)

Anonymous Coward | about a year ago | (#43932651)

me@host:~$ sudo shut down -h now
sudo: shut: command not found
me@host:~$

(captcha: scrapped)

Re:Grammar Police (0)

Anonymous Coward | about a year ago | (#43932719)

Thank you. This bugged me too.

Re:Grammar Police (0)

Anonymous Coward | about a year ago | (#43934489)

Thankyou. This mebugged too.

FTFY.

Nice of MS to work to clean up some of their mess (0)

Anonymous Coward | about a year ago | (#43932081)

Given the likelihood that a fair number of these bottled machines were made vulnerable by flaws in MSoft software, it is nice to see MSoft taking some action to help clean up their mess.

Re:Nice of MS to work to clean up some of their me (0)

Anonymous Coward | about a year ago | (#43934895)

Given the likelihood that a fair number of these bottled machines were made vulnerable by flaws in MSoft software, it is nice to see MSoft taking some action to help clean up their mess.

More like Microsoft is having to spend resources to clean up the mess the developers in their ecosystem have created.

Java, Flash and Acrobat. Those are the three big vectors. A Windows machine with none of the three will be pretty damn safe.

On whose authority? (1)

adolf (21054) | about a year ago | (#43933013)

It seems I'm the only one who questions such things, but:

On whose authority was this action pursued?

Since when does the FBI or MSFT or RIAA or MPAA or North Korea or Anonymous or [etc] have a right to diddle with others' computers?

What gives them (for any incarnation of "them") the authority to modify privately-owned computers?

If it's for the indiscriminate greater good, then that seems more like military action...which I don't think the FBI is authorized to deal with, and certainly not any private US-based company.

(To be clear: I'm happy whenever I hear about a botnet being destroyed. But I'm unhappy whenever I see the government or anyone else assuming authority where none has been granted.)

Re:On whose authority? (1)

Richard_at_work (517087) | about a year ago | (#43933473)

Where has authority been assumed? The way botnets are taken down is the control nodes are eliminated, not that the infected machines are cleaned - in this case, the control servers may be gone but the end user machines are still infected, they just have nothing controlling them anymore.

The FBI and Microsoft get warrants and court authority which allows them to seize and control digital assets that disrupts the control nodes, such as domain names, hosting space, IP routes, servers etc - they never touch the infected PCs.

Re:On whose authority? (1)

adolf (21054) | about a year ago | (#43933573)

Who owns the control nodes? Who determines whether or not they are end-user machines?

What authority do they have to disrupt them?

(Also: In the US, corporations may not petition for warrants. If you think otherwise, I'm done with this conversation with you.)

Re:On whose authority? (1)

Richard_at_work (517087) | about a year ago | (#43934345)

Who gives a fuck whether they are end user machines or not, they are control nodes and that is enough to target them.

And I never said Microsoft on their own petitioned for a warrant, that's why they involved the FBI and that's why I said "the FBI and Microsoft...".

And it just so happens that the court gives them the authority to disrupt them. Obviously.

Re:On whose authority? (0)

Anonymous Coward | about a year ago | (#43937497)

Since when does a US court have jurisdiction on non-US territory? Oh... wait... never mind

Re:On whose authority? (1)

adolf (21054) | about a year ago | (#43939489)

What court?

What warrant?

Who?

(No, it's not obvious.)

Re:On whose authority? (0)

Anonymous Coward | about 10 months ago | (#43943155)

what court?
http://en.wikipedia.org/wiki/Title_47_CFR_Part_15 [wikipedia.org] for usa residents this one. canada, europe japan have similar laws i think
like it or not radio laws do apply to computers, and running a C&C server is violating 'devices may not cause interference and must accept interference from other sources.'
so they are using a device to create interference for devices by sending commands to bot net pcs, which creates harmful interference. with wifi and 3/4g etc there is radio gear affected by botnets also over satellite networks same rules apply. it is like 'duh it was illegal before just nobody cared until things started falling apart'

Re:On whose authority? (1)

adolf (21054) | about 10 months ago | (#44020333)

These rules you specify, even if they weren't related directly to RF, still would not apply: Purposefully fucking up servers != "accepting interference from other sources".

It is, and remains, illegal to intentionally interfere with communications. Or private property in general. In the US. Today. As we speak.

Otherwise, I still expect a law and/or a citeable court order specifically allowing such action, which may or may not involve foreign nationals and their belongings.

Corporations enforcing law (0)

Anonymous Coward | about a year ago | (#43935197)

So do we want corporations enforcing the law? Especially since corporations, through lobbying efforts, buy laws in the first place. In this case, botnets exist because security problems MS themselves put into their software. So MS creates a problem, and gets itself deputized to solve the problem? Imagine the MPAA and RIAA being deputized to enforce laws they bought and paid to have written.

"The Windows 8 maker" (0)

Anonymous Coward | about a year ago | (#43937049)

I'm not sure what angle that is supposed to go. It feels like an initial kick in the junk, followed by a good job by helping foil the bot-net.

From your friendly neighbourhood grammar nazi (1)

BForrester (946915) | about a year ago | (#43937117)

Takedown is a noun.
Take down is the phrasal verb your title is looking for.
