Computer experts race against the clock to thwart Citadel virus in Hong Kong
Computer experts in race to combat threat that could put users' information in hands of hackers
Staff Reporters and Reuters in Boston
Computer experts in Hong Kong are racing against time to stop a virus that could put "a considerable number" of computers under the control of hackers.
The emergency operation follows an internationally co-ordinated crackdown, in which Hong Kong played a part, on what is deemed "one of the world's biggest cybercrime rings". It is believed to have stolen more than US$500 million from bank accounts around the world over the past 18 months.
Microsoft, which has led the crackdown with the FBI in conjunction with authorities in more than 80 countries, said its digital crimes unit had successfully taken down at least 1,000 of an estimated 1,400 malicious computer networks called the Citadel Botnets.
Citadel monitors keystrokes on infected computers and sends information such as account names and passwords to hackers, so cybercriminals can use stolen passwords to steal money from online bank accounts.
As many as five million computers in 90 countries have reportedly been infected, with bank accounts at dozens of financial institutions - including American Express, Bank of America, Citigroup, eBay's PayPal, and HSBC - affected, according to Microsoft.
Hong Kong is one of the places with the most infections.
Citadel is programmed so it will not attack computers or financial institutions in Ukraine or Russia, probably because the creators operate in those countries and want to avoid provoking law enforcement officials there, Microsoft said.
The criminals are still at large but the crackdown is believed to have dealt a significant blow to their capabilities.
"The bad guys will feel the punch in the gut," said Richard Boscovich, assistant general counsel with Microsoft's digital crimes unit.
The Hong Kong Computer Emergency Response Team Co-ordination Centre said it had been in contact with Microsoft to work out solutions.
"We believe there are quite a number of control centres here," said senior consultant Leung Siu-cheong, referring to computers that had been hacked and were being used by hackers to control other computers.
"One characteristic of Citadel is that it is hardly detectable," said Leung. "Once infected, it can shut down your firewall or anti-virus software."
Although the botnet threat had not been entirely wiped out, Leung said there was no need for computer users to worry excessively.
"[The malware network] has been significantly disrupted, offering an opportunity to eliminate the virus from infected computers," said Leung. "And if you do not find any unusual transactions on your bank accounts, you should be fine."
He expected a solution, as well as a report on the scale of the problem in Hong Kong, to be ready as early as today.
On the mainland, a leading antivirus and network security company, Rising, said its surveillance system had not detected Citadel activities there or attacks on banks.