Citadel was known to have over 1,400 instances across the globe, with most of them located in the US, Europe, India, China, Hong Kong and Singapore. The botnet used malware of the same name; once on a system, this malware was used to install key-logging tools, which were then used to steal online banking credentials.
The Windows 8 maker first started tracking the Citadel botnet back in 2012, after which it worked in close collaboration with the FBI, financial agencies and law agencies to initiate a coordinated takedown. Just last week Microsoft filed a civil suit against the controllers of the botnet, and yesterday officials seized servers identified as command and control servers from New Jersey and Pennsylvania.
According to Microsoft, pirated Windows XP product keys were used to spread the Citadel malware. Redmond isn’t claiming a full takedown because of the sheer size of the botnet, but it is optimistic that the seized equipment will help it to strengthen defenses in the future.
Prior to the takedown of Citadel, Microsoft had been a key player in the takedown of other botnets such as Bamital, Kelihos and Nitol.