In old times, a citadel was a fortress used as the last line of defense. For cyber criminals it is a powerful and state-of-the-art toolkit to both distribute malware and manage infected computers (bots). Citadel is an offspring of the (too) popular Zeus crimekit whose main goal is to steal banking credentials by capturing keystrokes and taking screenshots/videos of victims’ computers. Citadel came out circa January 2012 in the online forums and quickly became a popular choice for criminals. A version of Citadel (220.127.116.11) was leaked in late October and although it is not the latest (18.104.22.168), it gives us a good insight into what tools the bad guys are using to make money.
In this post, I will show you how criminals operate a botnet. This is not meant as a tutorial and I do want to stress that running a botnet is illegal and could send you to jail.