Citadel masterminds still free, shut your systems down

By Sunday, June 9, 2013 0 No tags Permalink 0

Microsoft in collaboration with FBI and other agencies tracked the ‘Citadel’ botnet for over a year and managed to shut it down this week by seizing its command and control servers. There were reports that the malware, through its key-logging features, managed to garner enough login information from around the world to steal somewhere around $500 million from bank accounts the world over.

The hunt for the owner of the botnet is on and the alleged mastermind, going by the internet alias Aquabox, is probably hiding in Russia or Ukraine. There are reports that authorities are still trying to find the identities of the hackers behind Citadel and as they are still at large chances are that they may come up with more malware to infect systems and spawn a new botnet out of the newly infected systems.

According to Reuters, “the criminals remain at large and the authorities do not know the identities of any of the ringleaders.”  This leaves us at cross roads again, confused! There is every chance that the seized servers were not the only C&C and more are still out there, dormant and waiting for the right time.

There are different ways in which you will end up being infected and become a part of a botnet. Visit a website and download fake software and that’s it. Click on a link in an email, seemingly from a legitimate source, which says it will give you a free gift and you end up downloading a form which has a malicious macro or an embedded executable file that would actually install a small program on your machine to capture passwords. These and many more ways will force your systems into being a part of a botnet.

Emails, such as the ones mentioned above, are normally circulated using already infected systems and tracing the source only reveals the zombies rather than the command and control servers. The problem is not how sophisticated the malware is or the infection methodology used, it’s a numbers game. Antivirus systems, if kept up to date, do detect such malware most of the time. But, not all users are tech savvy to keep a track of the update status of their anti-virus or lookout for malicious attachments or fake software.

Citadel takedown is definitely a positive towards making the web a little more secure, but up until the mastermind and the bot herders are captured, there will be more ‘Citadel’-like malware and botnet that will spawn. And, here is more to come, if these bad actors behind botnets belong to an organized crime ring in Eastern Europe, well, good luck with that as law enforcement agencies in the US or Europe are going to have a hard time getting to them.

Thousands of requests pound your computer all day long as long as it is connected to the Internet; your open ports fiddled with. Automated scanners try to overwhelm your systems with all kinds of requests and if they find something that is vulnerable, well then all the best again!

The only way that seems to prevent your system from getting infected is disconnecting it from the internet when you don’t need to be online and shutting it down completely at night. All the more defensive stance would be to never install anything; turn it off; and leave it off. Obviously that is not a good solution. Right?