Microsoft launched an operation against the criminal scheme Citadel
The Microsoft Digital Crimes Unit (MDCU), the cybercrime division of Microsoft, announced the launch of an operation against Citadel botnets and a related cybercrime group. The operation also includes a campaign to clean up computers infected with this Trojan. It is code-named b54 and is carried out by the company together with the FBI, ISPs and various CERT teams around the world. The goal is to disrupt the coordinated actions of the botnets and of the intruders who derive financial gain from them. After receiving the appropriate order, the company carried out an operation to disable more than 1,400 existing Citadel botnets, which included the physical removal of infrastructure servers. It is noted that cybercriminals using Citadel have made more than half a billion dollars, stolen from the accounts of various organizations and individuals. About 5 million people were affected. The United States, European countries, Hong Kong, Singapore, India and Australia were particularly affected by the malicious code.
The malicious code itself is a popular clone of another malicious program, Zeus. MDCU conducted the operation to disrupt the Zeus botnet in March 2012 (operation b71). As in the case of Zeus, we are not talking about the complete elimination of the Trojan's malicious activity, but such measures will significantly reduce both the activity of Citadel and the level of funds extracted with it, reducing it to the lowest possible threshold, which can make the scheme too costly and unprofitable for the cybercriminals.
Materials of the civil lawsuits in the case of the liquidation of Citadel (including in Russian) are here. MS TechNet blog post here.