Notorious Trojan Citadel Resurfaces, Attacks Internet-users in Japan

Trend Micro the security company says, Citadel the much known infamous banker Trojan is back in new versions, this time, targeting Japanese PC owners.

It (Trend Micro) observes, assaults by the Citadel variants are spreading, while security investigators have been able to locate the malware's IP addresses linked up with its C&C servers that associate with data centers within Europe and USA. Still, the latest assaults appear as targeting solely banking and financial organizations on Japanese land.

The investigators observe that based on the servers' examinations, it has been found that linkages with the servers numbering as many as 96% are from Japan, as a result, additionally proving that the particular country is the origin of contaminations from the Citadel. Infosecurity-magazine.com published this dated September 3, 2013.

Besides, following an increased rate of the mentioned command-and-control systems' examination, Trend Micro discovered that over 6 days at a stretch at least 20,000 distinct IP addresses had linked up with the servers, while there was just too little decline from the start onto the end. That certainly suggests the botnet infection possibly is widely spreading.

Citadel's re-emergence is the most recent news following law enforcement's shutdown efforts. During June 2013, Microsoft acted legally towards stopping the Citadel network of bots that had been disseminating Trojan ZeuS, the banking malware. It captured the C&C servers, dissociating their connections with about 1,400 Citadel network-of-bots, which believably resulted in financial losses of more than one-half billion USDs. Both Citadel and ZeuS malware groups bear a close relationship, while them acting as the banking sector's major problem.

And even after successful shutdowns, Citadel has re-emerged again and again. Rik Ferguson, Security Director of Trend Micro explains that the malicious program's easy, open availability on many underground trade sites implies that possibly there will be a continuous appearance of the Trojan's increased variants. V3.co.uk published this dated September 3, 2013.

Already security warnings from the Japanese financial and banking institutions alert alliances and clients about the ongoing assault. Therefore like every time, Internauts must pay attention to any warnings prior to making access to personal Internet banking A/Cs.

» SPAMfighter News - 9/13/2013