Connect with us

Hi, what are you looking for?

HEADLINES

Microsoft, FBI take down global banking Trojan

The Citadel Trojan interface

Citadel, a banking Trojan which has been in existence since 2011, has been recently taken down by Microsoft and members of the financial services industry and the FBI. The takedown operation resulted in over 1,000 Citadel botnets being taken offline.

The Citadel Trojan interface

The Citadel Trojan interface

As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks. Citadel is a descendant of that other behemoth of the financial Trojan world, Trojan.Zbot (Zeus). It came into existence after the Zeus source code was leaked in 2011, with criminal groups taking that code and enhancing it.

Citadel is aimed at a more “exclusive” attacker market than its more widespread predecessor, Zeus. The Citadel kit is sold through underground Russian forums and typically costs around $3,000, compared to $100 for the SpyEye and leaked Zeus kits. Citadel users have to also fork out a further $30-$100 to purchase Web inject code for the banks that they wish to target. Additionally, even if attackers have that money to spend, there is a strict vetting process with referrals required for new purchasers.

Citadel infections have spread around the globe so security experts such as Symantec welcome news of the takedown of these Citadel botnets.

“While these takedowns may not eliminate the threat of Citadel completely, it certainly disrupts current campaigns and sends out a clear message to attackers that their actions are being monitored,” says Symantec in its company blog. “Symantec also welcomes the cooperation between the public and private sector in taking action against this threat.”

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The exploit, discovered by Kaspersky’s Global Research and Analysis Team (GReAT), required no user interaction beyond clicking a malicious link and demonstrated exceptional technical...

SOFTWARE

With these enhancements, Copilot is now more accessible than ever across Windows 11, macOS, mobile apps, and Telegram. Plus, with improved local interoperability, Copilot...

HEADLINES

At the end of 2023, Sophos X-Ops noted a significant increase in ‘remote encryption’ attacks – where ransomware attackers breach a compromised and often...

HEADLINES

With the launch of KATA 7.0, organizations can now benefit from enhanced Network Detection and Response (NDR) capabilities with deeper network visibility, internal threats...

HEADLINES

In 2024, Globe blocked 3,096 child pornography domains or those containing child sexual abuse and exploitation materials (CSAEM), a slight increase from 3,047 domains restricted...

HEADLINES

During a recent webinar on Building Resilience Against Online Scams, hosted by fiber broadband and technology provider Converge ICT Solutions Inc., its Chief Executive...

HEADLINES

In 2024, Kaspersky restructured its Partner Program into four key partner types, recognizing the diverse profiles within its network – from traditional resellers and...

White Papers

The study tested 2,000 UK and US consumers, exposing them to a series of real and deepfake content. The results are alarming: only 0.1%...

Advertisement