Citadel virus being spread by Hong Kong computers

Worldwide blitz uncovers two machines in city that give hackers access to online bank accounts

PUBLISHED : Saturday, 08 June, 2013, 12:00am
UPDATED : Saturday, 08 June, 2013, 4:16am

Two computer servers that spread the virus known as Citadel Botnets are located in Hong Kong, according to the latest findings of an international crackdown led by Microsoft and the FBI.

While it remained unclear yesterday how many local computers had been attacked by the virus, Hong Kong police said they had been notified of the existence of the computers here.

Experts in the city have been racing to stop the virus, which could put "a considerable number" of computers under the control of hackers.

The virus is also the subject of an internationally co-ordinated effort involving more than 80 countries.

"Microsoft has traced two command and control centres to an IP address in Hong Kong. We and the police were notified on Thursday," said Leung Siu-cheong, a senior consultant at the Hong Kong Computer Emergency Response Team Co-ordination Centre.

The police confirmed they were investigating, but said no arrests had been made.

Leung said it was not necessary for the Hong Kong "centres" to be manned.

"The computers are of high speed and in operation 24 hours non-stop," Leung said. "They can be controlled remotely."

Hong Kong is one of the places worst-hit by Citadel, considered to be one of the world's biggest cybercrime rings.

Microsoft said on Thursday that its digital crimes unit had successfully taken down at least 1,000 of an estimated 1,400 such computers that acted as command and control centres worldwide.

Citadel is programmed not to attack computers or financial institutions in Ukraine or Russia.

It monitors keystrokes on infected computers and sends information such as account names and passwords to hackers, so that cybercriminals can use stolen passwords to steal money from online bank accounts.

As many as five million computers in 90 countries have reportedly been infected, with bank accounts at dozens of financial institutions - including American Express, Bank of America, Citigroup, eBay's PayPal, and HSBC - affected, according to Microsoft.

It is believed to have stolen more than US$500 million from bank accounts around the world over the past 18 months.

Leung reminded anyone using an online bank account to stay alert and keep an eye on their transaction records.

Facebook users should also take extra care, he said.

"Citadel could plant malicious links in the hacked accounts so that the users' friends click on them and get the virus as well," Leung said.

Anyone attempting to get around product keys to access software which requires a code should be cautious, Leung said, as the links used to do so were also prone to Citadel attacks.

But he advised computer users not to panic, and instead ensure their patches, security software and firewalls were properly updated.


