Citadel Shutdown Leads to Security Damage, Observes Expert
According to a security researcher from Switzerland, Microsoft's recent dismantling of the Citadel botnet, while it stopped criminals from using the malware to steal Internet banking data, also caused collateral damage: it knocked out sinkhole servers that security experts relied on for working out the best ways to fight the cyber-criminals, reported networkworld.com on June 10, 2013.
The researcher notes that Microsoft's operation with the FBI, named Operation b54, seized over 4,000 domain names, 300 of which had already been sinkholed with the help of abuse.ch, a Switzerland-based security blog.
The expert-run sinkhole servers collected information about PCs that had been turned into zombies, i.e. compromised systems. That data was used to notify the owners of those PCs through the Shadowserver Foundation, a volunteer organisation, so the victims could take steps to clean their systems, the Swiss researcher said.
Microsoft had acted the same way in 2012 with its ZeuS botnet takedown, when it seized several thousand domains belonging to the botnet, hundreds of which had already been sinkholed through abuse.ch.
That episode prompted abuse.ch to set up a Sinkhole Registry, not for public use but to help security agencies and law enforcement avoid a repeat in future.
In his blog, the researcher wrote that he had hoped the software giant had gotten wiser; nonetheless, things remained the same, and his own efforts had not changed anything either. Abuse.ch reported this on June 7, 2013.
The researcher added that because Microsoft seized Citadel domains that abuse.ch had already sinkholed, Shadowserver would no longer be able to notify the owners of the infected IP addresses that would otherwise have contacted those domains looking for their controllers.
The problem is not limited to abuse.ch, as many other sinkhole operators faced the same dilemma. The Swiss researcher calculated that of the 4,000 domains Microsoft grabbed, 1,000 had already been sinkholed. Those 1,000 domains no longer posed any danger to Internet users; they were in fact being used to make the Internet safer, he concluded. Theregister.co.uk published this on June 10, 2013.
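The sinkhole workflow described above, and the visibility gap a third-party seizure leaves behind, as an added example that is not part of the original article or of abuse.ch's or Shadowserver's own tooling. The log format, the domain names, the netblocks and the abuse contacts are all constructed for the demonstration; a real sinkhole operator would substitute its own log layout and contact data.

```python
"""Sinkhole log triage: from infected-host observations to per-owner
notifications, and the hosts that drop out of view when sinkholed
domains are seized by someone else.

Constructed example: the log format, domains, netblocks and contacts
below are invented for illustration.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress
import re

# Constructed sinkhole hits. Each line is one check-in from an infected host
# that resolved a former C2 domain to the sinkhole. Assumed format:
#   <ISO timestamp> <client_ip> <domain> <label>
SAMPLE_LOG = """\
2013-06-05T10:01:12Z 192.0.2.15 cit-panel-01.example sinkholed-citadel
2013-06-05T10:02:40Z 192.0.2.15 cit-panel-02.example sinkholed-citadel
2013-06-05T10:03:05Z 198.51.100.7 cit-panel-02.example sinkholed-citadel
2013-06-05T10:04:00Z 203.0.113.9 cit-panel-03.example sinkholed-citadel
2013-06-05T10:04:30Z 203.0.113.44 cit-panel-01.example sinkholed-citadel
not a log line
2013-06-05T10:05:10Z 198.51.100.7 cit-panel-03.example sinkholed-citadel
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Constructed netblock-to-contact table, standing in for the ISP/CSIRT
# contact data a notifier such as Shadowserver would hold.
NETBLOCK_OWNERS = {
    "192.0.2.0/24": "isp-a-abuse@example",
    "198.51.100.0/24": "isp-b-abuse@example",
    "203.0.113.0/24": "isp-c-abuse@example",
}


def parse_sinkhole_log(text):
    """Return (timestamp, ip, domain, label) tuples, skipping lines that do
    not match the expected layout or carry an unparsable IP or timestamp."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip, domain, label = m.groups()
        try:
            ipaddress.ip_address(ip)
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        records.append((when, ip, domain.lower(), label))
    return records


def victims_by_domain(records):
    """Map each sinkholed domain to the set of client IPs seen hitting it."""
    out = defaultdict(set)
    for _, ip, domain, _ in records:
        out[domain].add(ip)
    return dict(out)


def owner_for(ip):
    """Look up the abuse contact for the netblock containing ip."""
    addr = ipaddress.ip_address(ip)
    for block, contact in NETBLOCK_OWNERS.items():
        if addr in ipaddress.ip_network(block):
            return contact
    return "unknown"


def notifications(records):
    """Group infected IPs by the contact responsible for their netblock;
    this is the list a notifier would send out so owners can clean up."""
    out = defaultdict(set)
    for _, ip, _, _ in records:
        out[owner_for(ip)].add(ip)
    return {contact: sorted(ips) for contact, ips in out.items()}


def lost_visibility(records, seized_domains):
    """IPs the sinkhole can no longer observe once the given domains are
    seized: hosts whose every recorded check-in used a seized domain."""
    seized = {d.lower() for d in seized_domains}
    per_ip = defaultdict(set)
    for _, ip, domain, _ in records:
        per_ip[ip].add(domain)
    return sorted(ip for ip, doms in per_ip.items() if doms <= seized)


if __name__ == "__main__":
    recs = parse_sinkhole_log(SAMPLE_LOG)
    print(notifications(recs))
    print(lost_visibility(recs, ["cit-panel-01.example", "cit-panel-02.example"]))
```

The point of `lost_visibility` is the one the researcher makes: a host that only ever contacted domains later seized by a third party simply stops appearing in the sinkhole data, so nobody is notified about it even though it is still infected. Hosts that also check in to a domain the sinkhole still holds remain visible, which is why the registry idea, letting takedown operators check who already holds a domain, matters.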
» SPAMfighter News - 15-06-2013