SCF Advanced Search

  • Total Posts: 40526
  • Total Topics: 14430
  • Online Today: 762
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Bank Account Logins for Sale, Courtesy of Citadel Botnet  (Read 2015 times)

0 Members and 1 Guest are viewing this topic.


  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
Bank Account Logins for Sale, Courtesy of Citadel Botnet

Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit. These botnets traditionally have monitored victims’ Internet activities and intercepted banking transactions to extract account credentials and send them to their control servers. Recent botnets are armed with more advanced capabilities, yet traditional methods continue to be the most effective way to steal money.

Recently I came across an underground Russian forum in which an author was actively selling botnet logs with account-login details from one targeted bank.

(click the images to make them larger)

These botnet logs were from the Citadel botnet Version (Extreme Edition). Citadel is a variant of the popular Zeus botnet and has been widely seen since late 2012. This botnet has already been covered in blogs and by McAfee Labs.

Here is an image of server code for extracting bank account information.

Next we see what Citadel can do. I tried log in to several bank accounts using the posted credentials and was surprised to find that most of the accounts mentioned were active. I could log in to them successfully.

Our research has revealed that Citadel  is one of the most active botnets in the world, spanning several locations across Europe. One of the major reasons for its common use is that the botnet setup services are fairly cheap via the underground community. Here is an advertisement for the Citadel setup service.

The same user offers the setup services on another forum:

Many cybercriminals avoid transferring money to their own accounts due to the risk of prosecution, but selling the account information and making the money from the sale is an effective way of preserving  anonymity. Thus the attacker can’t be held accountable for the transfers made from a stolen account.

As the precautionary measure, we should look out for accounts being accessed or transactions made to/from different geographical locations. Banks place limits on the amount of money that can be transferred in one day or in a single transaction. Spotting small, unauthorized transactions made from an account should be noticeable and prevent major financial losses.

Original article: Thursday, May 16, 2013 at 10:56pm by Chintan Shah
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing !,8405.msg21475.html#msg21475

Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising