Citadel is a “crimekit” for distributing viruses, managing botnets and stealing passwords, allowing cybercriminals to access email accounts, social network profiles or bank accounts, using screen capture and keystroke logging technology.
Around 1,400 botnets have been created by the Citadel malware, which first emerged in early 2012
.
Microsoft said the Citadel kit could be bought from underground web forums for about $2,400. It added that more than 5m people had been affected by the malware in as many as 90 countries including the US and Australia.
[.]
The legal documents showed the online pseudonyms and purported contact information for 81 “John Doe” defendants. Many of the alleged criminals are based in the US and Russia, while others are in Europe, Brazil, China and Australia.
According to the legal filings, these individuals allegedly maintained the Citadel system, providing each other with “support with technical problems and best practices in deploying, running and defending their Citadel botnets”.
The originator of Citadel, whose identity remains unknown, even operated a “customer relationship management tool”, through which the cybercriminals could suggest new “features”, upon which the other operators voted.
[..]
Microsoft said the “size and complexity” of the Citadel operation meant that it was unable to completely eliminate the threat and recommended that victims use antivirus software and keep their operating systems updated.
Citadel was built on similar code and infrastructure to the “Zeus” botnet, which was widely used by cyber criminals, many in eastern Europe, before 2010. The operation against Citadel was earlier reported by Reuters.
.
.