Microsoft's Digital Crimes Unit, with help from authorities in more than 80 countries, on Wednesday cut off the servers controlling as many as 5 million infected PCs that belonged to the Citadel cyber crime operation, which is believed to have stolen more than $500 million from bank accounts over the past 18 months.
"Basically the Citadel bug is now clean," Troels Oerting, head of Europol's European Cybercrime Centre, said on Thursday.
The details are still emerging about the individual roles that dozens of countries across Europe and Asia played in bringing down the estimated 1,400 botnets that were part of the Citadel operation.
Andy Archibald, interim Deputy Director of Britain's National Cyber Crime Unit, said on Thursday that his agency had seized "a number of servers" as part of the effort and was closely working with the FBI on its investigation into Citadel.
Archibald said forensics experts were examining the servers.
Microsoft said on Wednesday that it had collected forensic evidence from two U.S.-based Internet hosting providers, under a federal court order that the company obtained by filing a civil lawsuit against the unknown operators of Citadel.
An FBI spokeswoman said she could not immediately say whether the evidence collected had brought investigators any closer to catching the culprits behind Citadel.
Citadel was used against dozens of financial institutions by stealing passwords with key logging software. The victims include American Express , Bank of America , Citigroup , Credit Suisse , eBay's PayPal, HSBC, JPMorgan Chase , Royal Bank of Canada and Wells Fargo , Microsoft said.
Botnets are armies of infected personal computers, or bots, which run software forcing them to regularly check in with and obey "command and control" servers operated by hackers. Besides financial crimes, botnets are also used to send spam, distribute computer viruses and attack computer networks.
Microsoft said in its court filing that it suspects the developer of the Citadel software, who goes by the alias Aquabox, lives in eastern Europe and works with at least 81 "herders," who may be running the bots from anywhere in the world.
The Citadel software is programmed so it will not attack PCs or financial institutions in Ukraine or Russia, likely because the creators operate in those countries and want to avoid provoking law enforcement officials there, Microsoft said.Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.