Microsoft and the FBI have taken down a botnet that controlled millions of infected PCs, which was responsible for more than $500m in bank fraud.
The botnet, dubbed Citadel, consisted of more than 1,400 instances located the US, Europe, Hong Kong, Singapore, India and China. The Citadel malware was used to install key-logging tools on victims' PCs, stealing their online bank credentials.
Brad Smith, Microsoft general counsel, said: “The harm done by Citadel shows the threat that botnets, malicious software, and piracy pose to individuals and businesses around the world."
Microsoft first began tracking the Citadel botnet in early 2012, working with financial services firms and law agencies, including the FBI, to instigate the co-ordinated takedown.
Last week it filed a civil suit against the botnet controllers in a US District Court in North Carolina. Yesterday Microsoft officials, along with US Marshals, seized servers from data centres in New Jersey and Pennsylvania as part of the effort.
FBI executive assistant director Richard McFeely said: “[These] actions represent the future of addressing the significant risks posed to our citizens, businesses, and intellectual property by cyber threats and malicious software, which are often enabled by counterfeit and unlicensed software."
According to Microsoft, those behind Citadel spread the malware using pirated Windows XP product keys, which it claims demonstrates the links between software piracy and cybercrime.
Microsoft also admitted that it does not expect to have wiped out the Citadel botnet fully, simply because of its sheer size. But it expects to be able to use the seized equipment to help strengthen its defences against future attacks.
The software titan has taken a more aggressive stance against botnets in recent times, launching several takedown campaigns. Earlier this year, it disrupted the Bamital botnet, believed to have infected thousands of PCs, which were used to conduct click fraud on a massive scale. Other attempts to counter the 'bot herders' have seen Microsoft sinkhole the Kehlios botnet, although new versions have subsequently re-emerged.