Jun 20, 2013

Attack on botnets 'freed 2m PCs'

MICROSOFT said that an assault it led earlier this month on one of the world's biggest cybercrime rings has freed at least two million PCs infected with a virus believed to have been used to steal more than US$500 million (S$630 million) from bank accounts worldwide.

"We definitely have liberated at least two million PCs globally. That is a conservative estimate," Mr Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, said in an interview on Tuesday.

He said the vast majority of infected machines were in the United States, Europe and Hong Kong.

Microsoft and the Federal Bureau of Investigation (FBI), aided by the authorities in more than 80 countries, sought to take down 1,400 malicious computer networks known as the Citadel Botnets by severing their access to infected machines on June 5.

Microsoft's unit is working with its partners overseas to determine how many of the Citadel botnets are still operational.

"We feel confident that we really got most of the ones that we were after," Mr Boscovich said. "It was a very, very successful disruptive action."

The ringleader, who goes by the alias Aquabox, and dozens of botnet operators remain at large, and the authorities are working to uncover their identities. Mr Boscovich said he suspects Aquabox is in Eastern Europe.

The botnets, which were run from "command and control" servers at data-hosting centres around the world, were used to steal from hundreds of financial institutions, according to court documents that Microsoft filed to get permission to shut down servers in the US that were being used to run the operation.

Data-centre operators typically are not aware that their servers are being used to run botnets.

The ring targeted firms of all sizes, from tiny credit unions to global banks such as Bank of America, Credit Suisse, HSBC and Royal Bank of Canada.

Citadel is one of the biggest botnets in operation today.

Microsoft said its creator bundled the software with pirated versions of the Windows operating system.

The FBI, which on Tuesday declined to comment on its progress in the investigation of Citadel, has said it is working closely with Europol and other overseas authorities to capture the unknown criminals.

Cybercriminals typically infect machines by sending spam e-mail containing malicious links and attachments, and by infecting legitimate websites with computer viruses that attack unsuspecting visitors.

Some bot herders rent or sell infected machines in underground markets to other cybercriminals looking to engage in a wide variety of activities, including credit-card theft and attacks on government websites.

The Citadel software disables anti-virus programs on infected PCs so that they cannot detect malicious software. It surfaced early last year and is sold over the Internet in kits that cost US$2,400 or more.