Was Microsoft’s takedown of Citadel effective?

A posting from Naked Security:

As we mentioned last week, Microsoft recently fought back against more than 1,400 Citadel botnets by sinkholing their Command and Control (C&C) infrastructure.

SophosLabs has been monitoring Citadel for some time, including individual botnets such as those targeting Canadian institutions, so I decided to take a closer look at the impact of the takedown.

I took a snapshot of the active Citadel botnets we are currently seeing and cross-referenced 72 C&C servers with the list published by Microsoft.

Then, I verified where the DNS records of those servers were now pointing.

Worryingly, I found that 51% of the 72 domains analysed did not appear in Microsoft’s published list.

A more worrying 20% of the Citadel domains were on Microsoft’s list but were not ending up at the sinkhole.

This implies either that the sinkholing was unsuccessful or that the domains have already been re-appropriated by the Citadel botnet owners.

Furthermore, as described by Swiss researchers at abuse.ch, Microsoft has caused the same sort of collateral damage as in its last Zeus botnet takedown.
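The check described in the posting (observed C&C domains cross-referenced against the published takedown list, then DNS-resolved to see whether each name actually lands at the sinkhole) can be scripted so it is repeatable after any takedown. The following is an added example, not code from Naked Security, SophosLabs or Microsoft: the domain names, the IP addresses, the sinkhole prefix and the resolution results are all constructed placeholders in the RFC 5737 documentation ranges, and the classification is injected with a resolver function so it runs offline; `live_resolve` shows how to swap in real DNS lookups. It also separates a fourth case the posting does not break out, a listed domain that no longer resolves at all, since that is neither sinkholed nor demonstrably reclaimed.

```python
"""Cross-reference observed botnet C&C domains against a published takedown
list and measure how many actually resolve to the sinkhole.

Added example; not code from Naked Security, SophosLabs or Microsoft.
All names, addresses and the sinkhole prefix below are constructed.
"""
import ipaddress
import socket
from collections import Counter
from typing import Callable, Dict, Iterable, List, Optional, Set

# Constructed: address range the sinkhole answers from (placeholder).
SINKHOLE_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed: C&C domains seen in our own telemetry (placeholders).
OBSERVED: List[str] = [
    "cnc-alpha.example", "cnc-bravo.example", "cnc-charlie.example",
    "cnc-delta.example", "cnc-echo.example", "cnc-foxtrot.example",
    "cnc-golf.example", "cnc-hotel.example", "cnc-india.example",
    "cnc-juliet.example",
]

# Constructed: domains named in the published takedown list (placeholders).
PUBLISHED: Set[str] = {
    "cnc-alpha.example", "cnc-bravo.example", "cnc-charlie.example",
    "cnc-delta.example", "cnc-echo.example",
}

# Constructed: current A records; None means the name no longer resolves.
RESOLUTIONS: Dict[str, Optional[str]] = {
    "cnc-alpha.example": "192.0.2.10",     # listed, at the sinkhole
    "cnc-bravo.example": "192.0.2.11",     # listed, at the sinkhole
    "cnc-charlie.example": "192.0.2.12",   # listed, at the sinkhole
    "cnc-delta.example": "198.51.100.7",   # listed, but pointing elsewhere
    "cnc-echo.example": None,              # listed, no longer resolves
    "cnc-foxtrot.example": "203.0.113.5",  # never on the list
    "cnc-golf.example": "203.0.113.6",
    "cnc-hotel.example": "203.0.113.7",
    "cnc-india.example": "203.0.113.8",
    "cnc-juliet.example": "203.0.113.9",
}

NOT_ON_LIST = "not_on_list"
SINKHOLED = "listed_sinkholed"
NOT_SINKHOLED = "listed_not_sinkholed"
UNRESOLVED = "listed_unresolved"
CATEGORIES = (NOT_ON_LIST, SINKHOLED, NOT_SINKHOLED, UNRESOLVED)


def is_sinkholed(ip: str) -> bool:
    """True if the address falls inside one of the known sinkhole prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SINKHOLE_NETS)


def classify(domain: str, published: Set[str],
             resolve: Callable[[str], Optional[str]]) -> str:
    """Place one observed C&C domain into exactly one category."""
    if domain not in published:
        return NOT_ON_LIST          # takedown list missed this domain entirely
    ip = resolve(domain)
    if ip is None:
        return UNRESOLVED           # listed, but the name is now dead
    return SINKHOLED if is_sinkholed(ip) else NOT_SINKHOLED


def summarise(observed: Iterable[str], published: Set[str],
              resolve: Callable[[str], Optional[str]]) -> Dict[str, Dict[str, float]]:
    """Count and percentage for every category, including zero-count ones."""
    domains = list(observed)
    counts = Counter(classify(d, published, resolve) for d in domains)
    total = len(domains)
    return {
        cat: {"count": counts.get(cat, 0),
              "percent": round(100.0 * counts.get(cat, 0) / total, 1) if total else 0.0}
        for cat in CATEGORIES
    }


def live_resolve(domain: str) -> Optional[str]:
    """Real DNS lookup, for use in place of RESOLUTIONS.get on live data."""
    try:
        return socket.gethostbyname(domain)
    except (socket.gaierror, socket.herror):
        return None


if __name__ == "__main__":
    for cat, row in summarise(OBSERVED, PUBLISHED, RESOLUTIONS.get).items():
        print(f"{cat:22s} {row['count']:3d}  {row['percent']:5.1f}%")
```

On the constructed data half the observed domains are absent from the list and one listed domain points somewhere other than the sinkhole, which is the same shape of result the posting reports; re-running the script with `live_resolve` as the resolver some days after a takedown shows whether the "listed but not sinkholed" share is growing, which is the signal that domains are being re-appropriated.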

To read more, click here:
