(CN) - A computer mastermind and 81 henchmen control "Citadel Botnets" that have infected computers worldwide and stolen as much as $500 million from users, Microsoft claims in a federal RICO complaint.
Microsoft sued "John Does 1-82, controlling a computer botnet thereby injuring Microsoft and its customers," in Charlotte, N.C. Federal Court.
Microsoft filed the sealed complaint on May 29; it became public on June 5 after a judge granted a civil seizure warrant that resulted in an FBI bust that took down 1,462 Citadel botnets in North Carolina, Pennsylvania and New Jersey, according to a report on C/Net.com.
In its complaint, Microsoft accuses the defendants of fraud, racketeering, trademark infringement, trespass, conversion, unjust enrichment and violating three federal computer laws and North Carolina computer laws.
A botnet is a network of computers running malware that receives instructions from another computer. End users unwittingly become infected with the malware by interacting with a malicious website ad or email attachment, or by downloading malicious software.
Once installed on an unsuspecting user's computer, the malware executes code causing the computer to become part of the botnet - making the computer capable of sending and receiving communications, code and instructions to and from other botnet computers.
"Criminal organizations and individual cyber criminals often create, control, maintain and propagate botnets in order to carry out misconduct that harms others' rights," Microsoft says in the 46-page complaint. "They use botnets because of botnets' ability to support a wide range of illegal conduct, their resilience against attempts to disable them and their ability to conceal the identities of the malefactors controlling them. The controllers of a botnet will use an infected end-user computer for a variety of illicit purposes unknown to the end user. A computer in a botnet, for example, may be used to:
"a. carry out theft of credentials and information, fraud, computer intrusions or other misconduct;
"b. anonymously send unsolicited bulk email with the knowledge or consent of the individual user who owns the compromised computer;
"c. deliver further malicious software that infects other computers, making them part of the botnet as well; or
"d. 'proxy' or relay internet communications originating from other computers in order to obscure and conceal the true source of those communications. Botnets provide a very efficient general means of controlling a huge number of computers and targeting any action internally against the contents of those computers or externally against any computer on the Internet."
The Citadel botnets primarily steal account credentials for online banking websites. When Citadel malware infects a user's computer, the software finds the user's online banking credentials, gets into the user's bank account and steals financial information - and money.
Microsoft says the Citadel botnets use similar software code and infrastructure as their progenitor, the Zeus botnet. It claims that Citadel's developer - John Doe 1 - has operated in Internet anonymity for years, selling botnet codes on the web as "builder kits" that allow others to infect end users and steal financial information.
"Depending on the level of sophistication in particular versions and the level of support and customization provided, the code may cost from approximately $2,400 or more for comprehensive or tailored versions. These kits contain software that enable other defendants to generate executable botnet code, configuration files and web server files that they deploy on command and control servers," Microsoft says in its complaint.