Has Citadel Compromised Your Anti-Virus?
The Citadel software disables anti-virus programs on infected PCs so they cannot detect malicious software. This means that if your PC was infected by Citadel, it may still be, despite the takedown of 1000 Citadel servers: taking the servers offline does not remove the malware from the PCs that were talking to them.
By Marty Algire for Fixmestick.com
Twelve days after Microsoft announced the takedown of approximately 1000 botnets running the Citadel botnet software, security researchers are debating whether Microsoft’s action was effective in slowing down the banking malware.
There are still at least 400 active Citadel botnets on the Internet. In fact, if you enter “citadel zeus” into Google Search, around the 4th result is a product page for the Citadel crime kit, complete with a feature list, a promise of customer support, and a price (2,399.00).
And according to Microsoft, Citadel has infected as many as 5 million PCs around the world and is used to steal from customers of banks including American Express, Bank of America, Citigroup, Credit Suisse, eBay’s PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo. The Citadel software disables anti-virus programs on infected PCs so they cannot detect malicious software. This means that if your PC was infected by Citadel, it may still be, despite the takedown of 1000 Citadel servers. It also means that your PC has been exposed to other infections for as long as its anti-virus program has been disabled.
What I want to know is – is my PC infected with Citadel?
Microsoft says it is working with Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) around the world to clean as many computers as possible, quickly and efficiently. It can do this because the seized command-and-control servers are now under Microsoft’s control (a so-called sinkhole): when the Citadel software on an infected PC checks in with one of them, Microsoft records that PC’s IP address and passes it to the ISP or CERT responsible for the block of addresses it belongs to.
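The notification step described above, as an added example that is not part of the original post and not Microsoft’s own tooling: parse constructed sinkhole check-in lines, attribute each source IP to the most specific address block on file, and group the results per ISP or CERT. The log format, the CIDR blocks and the owner names are all assumptions made for this example. First-seen and last-seen timestamps are kept deliberately, because an ISP cannot map a dynamic or NAT’d address to a subscriber without knowing when it was seen.

```python
"""Added example (not from the original post): turning sinkhole check-in
logs into per-ISP/CERT notification lists.

Everything below is constructed for illustration: the log format, the
address blocks and their owners. Real sinkhole logs and allocation data differ.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: one line per check-in seen at the sinkholed C&C server.
# Fields: ISO-8601 timestamp, source IP, path requested.
SINKHOLE_LOG = """\
2013-06-17T08:02:11Z 198.51.100.23 /file.php
2013-06-17T08:02:40Z 203.0.113.77 /file.php
2013-06-17T08:03:05Z 198.51.100.23 /file.php
2013-06-17T08:04:59Z 198.51.100.200 /file.php
2013-06-17T08:05:30Z 192.0.2.9 /file.php
2013-06-17T08:06:02Z 2001:db8:1::5 /file.php
2013-06-17T08:06:44Z not-an-ip /file.php
"""

# Constructed mapping of address blocks to the party responsible for them.
# The most specific (longest) prefix wins when blocks overlap, as with real allocations.
BLOCK_OWNERS = {
    "198.51.100.0/24": "ExampleNet ISP abuse desk",
    "198.51.100.128/25": "ExampleNet business customers",
    "203.0.113.0/24": "Example Country CERT",
    "2001:db8::/32": "Example IPv6 transit provider",
}


def owner_of(ip):
    """Return the owner of the most specific block containing ip, or None."""
    best = None
    for net_str, owner in BLOCK_OWNERS.items():
        net = ipaddress.ip_network(net_str)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, owner)
    return best[1] if best else None


def parse_line(line):
    """Parse one log line into (timestamp, ip); return None for junk lines."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        ip = ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    return ts, ip


def build_notifications(log_text):
    """Group infected IPs by responsible party.

    Returns ({owner: {ip_str: (first_seen, last_seen, hits)}}, [ips with no owner]).
    """
    per_owner = defaultdict(dict)
    unattributed = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than abort the whole batch
        ts, ip = parsed
        owner = owner_of(ip)
        if owner is None:
            unattributed.append(str(ip))
            continue
        entry = per_owner[owner].get(str(ip))
        if entry is None:
            per_owner[owner][str(ip)] = (ts, ts, 1)
        else:
            first, last, hits = entry
            per_owner[owner][str(ip)] = (min(first, ts), max(last, ts), hits + 1)
    return dict(per_owner), unattributed


if __name__ == "__main__":
    report, unknown = build_notifications(SINKHOLE_LOG)
    for owner, ips in report.items():
        print(f"== {owner}")
        for ip, (first, last, hits) in sorted(ips.items()):
            print(f"  {ip}  first {first:%Y-%m-%d %H:%M}Z  last {last:%Y-%m-%d %H:%M}Z  hits {hits}")
    if unknown:
        print("no owner on file:", ", ".join(unknown))
```

Addresses that match no block on file (192.0.2.9 in the sample) are reported separately rather than dropped; in practice those are the ones that need a WHOIS lookup before anyone can be notified.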
To find out for yourself, it is best to scan your PC from a live CD (or “rescue” CD or USB) rather than with the anti-virus program already installed on it, since that program may be the very one Citadel has disabled. Many antivirus products can create rescue media as a free additional feature; alternatively, you can check out the FixMeStick virus removal device, which comes already set up on a USB stick. After the scan, uninstall and reinstall your regular antivirus program so that all of its program files are replaced with correct copies directly from the manufacturer.
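As an added example (not part of the original post, and not a description of how Citadel itself works, which the post does not go into), here is a quick triage check for one generic way malware keeps an anti-virus program from updating: pointing the vendor’s update hostnames at a loopback or blackhole address in the hosts file. The hosts file contents and the watched domain list are constructed for this example. Because a check run from inside a possibly infected OS can be fooled, a clean result proves nothing; the offline rescue-media scan above is still the real test. Read the hosts file from the rescue environment (the mounted Windows disk) and feed its contents to the function for a more trustworthy answer.

```python
"""Added example (not from the original post): flag anti-virus/update
hostnames that a hosts file sends to loopback or 0.0.0.0.

The sample hosts file and the watched suffixes are constructed for this example.
"""
import ipaddress

# Constructed hosts file with a few tampered lines mixed into normal content.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.10    printer.local      # legitimate LAN entry
127.0.0.1       update.example-av.com
0.0.0.0         liveupdate.example-av.com  # blackholed
127.0.0.1       www.example-av.com   downloads.example-av.com
"""

# Hostname suffixes whose presence in hosts is suspicious. Illustrative only:
# add the update hosts of whichever vendor's product you actually run.
WATCHED_SUFFIXES = (
    "example-av.com",
    "windowsupdate.com",
    "update.microsoft.com",
)


def parse_hosts(text):
    """Yield (address, hostname) pairs, ignoring comments, blanks and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:  # one address may map several names
            yield addr, host.lower()


def is_watched(hostname):
    """True if hostname is one of the watched domains or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_blocked_hosts(text):
    """Return sorted (hostname, address) pairs for watched names sent nowhere.

    A hosts entry for a vendor name is suspicious in itself; sending it to
    127.0.0.1, ::1 or 0.0.0.0 makes update checks fail silently.
    """
    hits = set()
    for addr, host in parse_hosts(text):
        if is_watched(host) and (addr.is_loopback or addr.is_unspecified):
            hits.add((host, str(addr)))
    return sorted(hits)


if __name__ == "__main__":
    # On Windows the real file is C:\Windows\System32\drivers\etc\hosts;
    # on Linux and macOS it is /etc/hosts.
    for host, addr in find_blocked_hosts(SAMPLE_HOSTS):
        print(f"{host} -> {addr}")
```

The suffix match is deliberately anchored on a dot so that a look-alike such as windowsupdate.com.evil.example is not mistaken for the real domain, and entries for localhost or LAN names are never reported.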
This post appears with permission from fixmestick.com.
PC Pitstop Notes: