NEWS
Working alongside the FBI, Microsoft has taken aim at one of the cyberworld’s most notorious botnets, which is said to have made its hacker controllers as much as half a billion dollars in the last 18 months.
Microsoft’s operation focused on a botnet known as Citadel, which it terms the “most aggressive botnet operation to date”. The firm’s Digital Crimes Unit acted on a warrant from the U.S. District Court for the Western District of North Carolina to shut down more than 1,400 extant botnets controlled by Citadel, which is said to have taken control of about five million computers worldwide. Supposing these figures are accurate, that amounts to approximately $100 in profit generated by each machine within the botnet, a massive amount of money for a hacking operation of this kind.
With the income-per-device at that kind of level, it’s not surprising that many hackers continue to see botnets as a highly lucrative business. Microsoft said that Citadel propagated itself around the world via corrupt copies of its Windows operating system – not exactly an original trick, but one that’s proven to work time and time again.
Botnets are essentially networks of computers that are controlled using malware, which makes them ‘virtual slaves’ for the cybercriminals running them. Using the combined power of the botnet’s thousands of computers, hackers are able to attack other servers, spread viruses, send out spam and steal data – often hiring out their services to other cybercriminals and scammers. In the case of Citadel, Microsoft says that the malware also contained a keylogger program that would record victims’ keystrokes, swiping information about bank accounts and other personal data. Worse still, Citadel also blocked computers from visiting anti-virus sites, thus preventing inexperienced users from removing it from their machines.
Microsoft had known about Citadel for some time, but in order to take it out it needed legal approval. That was granted when a ruling from the U.S. District Court for the Western District of North Carolina gave Microsoft permission to “cut off” the ability of the Citadel botnet’s various components to communicate with one another. According to Redmond’s press release, “Microsoft, escorted by the US Marshals, seized data and evidence from the botnets, including computer servers from two data hosting facilities in New Jersey and Pennsylvania.”
Unfortunately, Microsoft has not yet been able to completely dismantle Citadel. However, it claims that today’s seizures will “significantly disrupt” the botnet’s effectiveness. The cybercriminals’ profits are about to shrink considerably, while Microsoft will use the data collected from its seizures to root out other infected computers and advise their owners on how to remove the malware from their machines.