Financial Trojan Citadel disrupted in take-down operation

June 13th, 2013 | by Zen Soo

Citadel program interface

A Trojan horse program that specifically targets banks has been taken down this year, with more than 1,000 botnets that it used taken offline through efforts by Microsoft, the FBI and members of the financial services industry.

The program, known as Citadel, is a full “crime-ware” kit that has been around since 2011 and is often sold through underground Russian forums for about US$3,000, according to a report by Symantec this week.

Citadel provides users with payload builders, command-and-control server infrastructure, and configuration scripts to target various banks.

Although Citadel infections have spread globally, the majority of the infections were found in Australia, Italy and the United States over the past six months.

While the take-down may not completely eliminate the threat of Citadel, attackers' campaigns have been disrupted and a clear message has been sent that their actions are being monitored, according to Symantec.

More information about financial Trojans can be found in Symantec’s whitepaper.

