A posting from Naked Security:
As we mentioned last week, Microsoft recently fought back against more than 1,400 Citadel botnets by sinkholing their Command and Control (C&C) infrastructure.
SophosLabs has been monitoring Citadel for some time, including individual botnets such as those targeting Canadian institutions, so I decided to take a closer look at the impact of the takedown.
I took a snapshot of the active Citadel botnets we are currently seeing and cross referenced 72 C&C servers with the list published by Microsoft.
Then, I verified where the DNS records of those servers were now pointing.
Worryingly, I found that 51% of the 72 domains analysed did not appear in Microsoft’s published list.
A more worrying 20% of the Citadel domains were on Microsoft’s list but were not ending up at the sinkhole.
This implies either that the sinkholing was unsuccessful or that the domains have already been re-appropriated by the Citadel botnet owners.
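The cross-check described in the post (snapshot of active C&C domains, compare against the published takedown list, then resolve each one and see whether it lands at the sinkhole) is a small script in practice. The following is an added example, not code from Naked Security or SophosLabs: the domains, the takedown list, the sinkhole address range and the DNS answers are all constructed for illustration, and the lookup table stands in for live DNS so the script runs offline (pass `table=None` to use real resolution).

```python
"""Cross-check active C&C domains against a published takedown list and
verify where each one currently resolves.

Added example (not Naked Security or SophosLabs code).  Every domain,
the takedown list, the sinkhole prefix and the DNS answers below are
constructed; the sinkhole range is a documentation (TEST-NET-3) block,
not any real sinkhole.
"""
import ipaddress
import socket
from collections import Counter

# Hypothetical sinkhole address block (assumption, not a real sinkhole).
SINKHOLE_NET = ipaddress.ip_network("203.0.113.0/24")

# Constructed snapshot of C&C domains seen in active botnet configurations.
ACTIVE_CNC = [
    "cnc-one.example",
    "CNC-Two.example.",      # mixed case and trailing dot, as seen in configs
    "cnc-three.example",
    "cnc-four.example",
    "cnc-five.example",
]

# Constructed stand-in for the published takedown list.
TAKEDOWN_LIST = {"cnc-one.example", "cnc-two.example", "cnc-three.example"}

# Constructed DNS answers used instead of live lookups (None = NXDOMAIN).
FAKE_DNS = {
    "cnc-one.example":   "203.0.113.10",   # sinkholed
    "cnc-two.example":   "203.0.113.11",   # sinkholed
    "cnc-three.example": "198.51.100.7",   # listed, but resolving elsewhere
    "cnc-four.example":  "198.51.100.8",   # never on the takedown list
    "cnc-five.example":  None,             # never on the list, NXDOMAIN
}


def normalize(domain):
    """Canonical form for cross-referencing: lower-case, no trailing dot."""
    return domain.strip().rstrip(".").lower()


def resolve(domain, table=FAKE_DNS):
    """Return the A record for domain, or None if it does not resolve.

    With table=None a real lookup is made via the system resolver.
    """
    if table is not None:
        return table.get(domain)
    try:
        return socket.gethostbyname(domain)
    except socket.gaierror:
        return None


def classify(domain, takedown, table=FAKE_DNS):
    """Bucket a domain into one of the three outcomes discussed in the post."""
    name = normalize(domain)
    if name not in takedown:
        return "not_on_list"
    ip = resolve(name, table)
    if ip is not None and ipaddress.ip_address(ip) in SINKHOLE_NET:
        return "sinkholed"
    # Listed, but not answering from the sinkhole: either the sinkholing
    # failed or the operators have regained control of the name.
    return "listed_not_sinkholed"


def summarize(domains, takedown, table=FAKE_DNS):
    """Return {bucket: (count, percent)} over the whole snapshot."""
    counts = Counter(classify(d, takedown, table) for d in domains)
    total = len(domains)
    return {
        bucket: (counts[bucket], round(100 * counts[bucket] / total))
        for bucket in ("sinkholed", "listed_not_sinkholed", "not_on_list")
    }


if __name__ == "__main__":
    for bucket, (n, pct) in summarize(ACTIVE_CNC, TAKEDOWN_LIST).items():
        print(f"{bucket:22s} {n:3d}  ({pct}%)")
```

Resolution alone cannot separate "sinkholing failed" from "domain re-appropriated": a domain in the `listed_not_sinkholed` bucket needs a second look at its NS records and registrar data before either conclusion is drawn, which is exactly the ambiguity the post points out.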