* Citadel botnets hosted in over 80 nations
* Microsoft says $500 million stolen before crackdown
* Agents working to identify ringleader
By Jim Finkle
BOSTON, June 18 (Reuters) - Microsoft Corp said that an assault it led earlier this month on one of the world's biggest cyber crime rings has freed at least 2 million PCs infected with a virus believed to have been used to steal more than $500 million from bank accounts worldwide.
"We definitely have liberated at least 2 million PCs globally. That is a conservative estimate," Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, said in an interview on Tuesday.
He said the vast majority of infected machines were in the United States, Europe and Hong Kong.
Microsoft and the FBI, aided by authorities in more than 80 countries, on June 5 sought to take down 1,400 malicious computer networks known as the Citadel Botnets by severing their access to infected machines. Microsoft's Digital Crimes Unit is working with its partners overseas to determine exactly how many of the Citadel botnets are still operational.
"We feel confident that we really got most of the ones that we were after," he said. "It was a very, very successful disruptive action."
The ringleader, who goes by the alias Aquabox, and dozens of botnet operators remain at large and the authorities are working to uncover their identities. Boscovich said he suspects Aquabox is in Eastern Europe.
The botnets, which were run from "command and control" servers at data hosting centers around the world, were used to steal from hundreds of financial institutions, according to court documents that Microsoft filed to get permission to shut down servers in the United States that were being used to run the operation.
Data center operators typically are not aware that their servers are being used to run botnets.
The ring targeted firms of all sizes, from tiny credit unions to global banks such as Bank of America, Credit Suisse, HSBC and Royal Bank of Canada.
Citadel is one of the biggest botnets in operation today. Microsoft said its creator bundled the software with pirated versions of the Windows operating system.
The FBI, which on Tuesday declined to comment on its progress in its investigation of Citadel, has said it is working closely with Europol and other overseas authorities to capture the unknown criminals.
Cyber criminals typically infect machines by sending spam emails containing malicious links and attachments, and by infecting legitimate websites with computer viruses that attack unsuspecting visitors. Some bot herders rent or sell infected machines on underground markets to other cyber criminals looking to engage in a wide variety of activities including credit card theft and attacks on government websites.
The Citadel software disables anti-virus programs on infected PCs so they cannot detect malicious software. It surfaced in early 2012 and is sold over the Internet in kits that cost $2,400 or more.