Citadel malware active on 20,000 PCs in Japan, says Trend Micro

The malware, which steals financial and login info, is actively sending data to servers in the U.S. and Europe

Citadel malware is installed on over 20,000 PCs in Japan and actively sending financial information it harvests to servers abroad, according to security software vendor Trend Micro.

Tokyo-based Trend Micro said that for six days last week it monitored remote servers in the U.S. and Europe that collect data gathered by Japanese versions of the malware. On some days there were nearly 230,000 connections made from 20,000 infected computers.

The malware has been designed specifically to target domestic users, collecting financial details corresponding to six Japanese financial institutions as well as popular services such as e-mail from Google, Yahoo and Microsoft.

"Damage from this tool for online banking fraud is still continuing today," Trend Micro said in a Japanese security blog.

The security firm said it detected IP addresses from at least nine remote servers that are being contacted regularly by copies of Citadel on infected computers. It said over 96 percent of the contact comes from PCs in Japan.

Citadel is malware that can modify or replace websites opened on the computers it infects. It then collects log-in details and other private information and sends it to remote servers. Some varieties also block access to anti-virus sites to prevent users from cleaning their computers.

The software allows malicious users to create networks, or botnets, of infected PCs that harvest details and send them to remote servers. It can be customized to mimic specific sites in different countries.

Last month Microsoft and the U.S. Federal Bureau of Investigation worked together to disrupt 1,400 Citadel botnets that the company said were responsible for over half a billion dollars in financial losses worldwide.

The action disrupted many existing Citadel botnets, but anyone with a builder application can create customized versions and launch an operation of their own.

Highly customized versions of the malware, with detailed content localization and advanced techniques to corrupt browser software, have also popped up across Europe since the Microsoft action.


Jay Alabaster

IDG News Service
