Microsoft's Citadel botnet takedown hit many security researchers


According to a Swiss security researcher, the action by Microsoft and the FBI in which 1,400 Citadel botnets were disrupted was mainly a PR stunt. The action is said to have had little impact on Citadel, while the seizure of domain names has hurt a lot of security projects.

On Thursday, Microsoft and the FBI announced that hundreds of Citadel botnets had been 'disrupted'. Among other things, some 4,000 domain names were seized and redirected to Microsoft servers. This technique is called sinkholing: infected machines keep trying to reach their command-and-control domains, but now end up at a server controlled by the defender, which logs the connections. A number of organisations use it to gather information about botnets and to warn about infected zombie systems.

One of those organisations is the Swiss hobby project Abuse.ch, which passes the information it obtains to the non-profit organisation Shadowserver, which in turn informs more than 1,500 organisations and 60 national Computer Emergency Response Teams. Abuse.ch claims, however, that several of the domain names it used for its own sinkholes have been seized by Microsoft.

After checking with similar projects, the site's administrator estimates that as many as 1,000 of the 4,000 domain names Microsoft took over were already being used by security researchers for sinkholing. This despite the existence of a Sinkhole Registry, and despite Microsoft having frustrated a number of security projects in the same way last year in an operation against ZeuS botnets.
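The two mechanics the article describes, turning sinkhole hits into victim notifications and checking a planned seizure list against a sinkhole registry, are illustrated below. This is an added example, not code from the article, Abuse.ch, Shadowserver or Microsoft; the log format, the network-to-owner map and the registry contents are constructed for the demonstration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: one line per connection received by a sinkhole.
# Assumed, hypothetical format: "<timestamp> <src_ip> <host_header> <method> <path>"
SINKHOLE_LOG = """\
2013-06-06T10:00:01Z 203.0.113.7 cit-cnc1.example GET /file.php
2013-06-06T10:00:02Z 203.0.113.7 cit-cnc1.example GET /file.php
2013-06-06T10:00:05Z 198.51.100.23 cit-cnc1.example GET /file.php
2013-06-06T10:00:09Z 192.0.2.44 cit-cnc2.example GET /gate.php
2013-06-06T10:00:12Z 198.51.100.99 cit-cnc2.example GET /gate.php
not a valid log line
2013-06-06T10:00:15Z 203.0.113.250 cit-cnc9.example GET /x.php
"""

# Constructed mapping of network -> owner; stands in for an ASN/whois lookup.
NETWORK_OWNERS = {
    "203.0.113.0/24": "ISP-A",
    "198.51.100.0/24": "University-B",
}

# Constructed stand-in for a sinkhole registry: domains researchers already sinkhole.
RESEARCHER_SINKHOLES = {"cit-cnc2.example", "old-zeus.example"}


def normalize_domain(name):
    """Lower-case and strip a trailing dot so registry and seizure lists compare equal."""
    return name.lower().rstrip(".")


def parse_hits(log_text):
    """Parse sinkhole hits into (victim_ip, domain) pairs; malformed lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        try:
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # not an IP address; skip rather than crash on garbage
        hits.append((ip, normalize_domain(parts[2])))
    return hits


def victims_per_domain(hits):
    """Unique victim IPs per sinkholed domain (a per-botnet headcount)."""
    per = defaultdict(set)
    for ip, domain in hits:
        per[domain].add(ip)
    return {d: sorted(str(ip) for ip in ips) for d, ips in per.items()}


def notifications(hits, owners=NETWORK_OWNERS):
    """Group unique victims by the network owner who should be notified.

    Victims in networks not present in the owner map go under 'unknown'.
    """
    nets = [(ipaddress.ip_network(n), o) for n, o in owners.items()]
    out = defaultdict(set)
    for ip, _domain in hits:
        owner = next((o for net, o in nets if ip in net), "unknown")
        out[owner].add(str(ip))
    return {o: sorted(v) for o, v in out.items()}


def deconflict(planned_seizures, registry=RESEARCHER_SINKHOLES):
    """Return domains from a planned seizure list that a researcher already sinkholes.

    This is the check a Sinkhole Registry makes possible before a takedown
    repoints domains that are already under a defender's control.
    """
    planned = {normalize_domain(d) for d in planned_seizures}
    registered = {normalize_domain(d) for d in registry}
    return sorted(planned & registered)


if __name__ == "__main__":
    hits = parse_hits(SINKHOLE_LOG)
    print("victims per domain:", victims_per_domain(hits))
    print("notify:", notifications(hits))
    print("already sinkholed:", deconflict(["Cit-CNC2.example.", "cit-cnc1.example"]))
```

The deconfliction step is deliberately a set operation on normalised names: the point of a registry is that the comparison is trivial once the data exists, so a takedown that repoints a registered domain is an avoidable collision rather than a hard problem.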

Furthermore, Microsoft is said to send configuration files to infected systems that are part of the botnet, without the user being informed. Overriding the Citadel configuration has the advantage that the systems no longer connect to the servers of the malicious botnet and can once again reach the websites of antivirus companies, but modifying systems without notifying the user is an offence in many countries. In addition, Abuse.ch expects that the internet criminals will now probably adapt their strategy, which will make the fight more difficult.