HideMyAss VPN

Monday, July 29, 2013

Microsoft announces the destruction of almost 90% of Citadel malware bots worldwide

Back in June, we reported on Microsoft and the FBI working together to take down the financial malware Citadel. Over a month later, it looks like the partnership has more than paid off. Microsoft has reported that around 88 percent of botnets that were running the Citadel malware when the partnership was announced have now been disrupted, thanks to the company’s collaboration with the FBI and other technological and financial service partners. It’s also estimated that about 40 percent of Citadel-infected computers that were a part of these botnets have been cleaned of the infection, although Microsoft hasn’t been very forthcoming with details of how exactly this was achieved.

Richard Domingues Boscovich, assistant general counsel for Microsoft’s Digital Crimes Unit, published a blog post towards the end of June claiming that Microsoft had identified around 1.3 million unique IP addresses that were connected to a ‘sinkhole’ system that the company had implemented in order to replace the ‘command’ servers used by Citadel hackers.

After analysing IP addresses and user information sent by these computers when they connected to the sinkhole servers, Microsoft estimated that around 1.9 million computers were a part of the targeted botnets. The number may have even been higher given that multiple computers can connect via a single IP address. The company then began working with researchers and anti-malware organisations such as the Shadowserver Foundation in order to let victims know about the malware and work to remove it.

Although the partnership may sound positive so far, some security researchers have raised concerns about the way in which the companies chose to take down the botnets. A security researcher from the abuse.ch botnet tracking service has already criticised Microsoft for sending configuration files to computers that were infected with the malware, pointing out that this amounts to modifying settings without the owner’s consent and is a potential violation of local law.

Although the FBI and Microsoft are coming down pretty heavily on the Citadel malware, there's still a lot of dangerous technology out there. A VPN service is an easy way to amplify your computer's defenses: the VPN adds an extra layer of protection to your computer to keep your connection more secure and your personal data private.
