TMCnet Feature
June 06, 2013

FBI, Microsoft Go after Citadel Botnet for Massive Theft

By Ed Silverstein, TMCnet Contributor

The FBI, partnering with Microsoft, has declared war on the Citadel botnet after it was found that the botnet may have been used to steal as much as a half billion dollars in 18 months in massive cyber-thefts.



Some five million computers are suspected of being infected with the Citadel malware, and there are some 1,400 extant botnets controlled by the Citadel infection. The infection is most prevalent in the United States, Europe, Hong Kong, Singapore, India and Australia. It could have already impacted computers in 90 countries.

Microsoft and representatives of other businesses found out that when a computer was infected with Citadel malware, the malware would record a user’s keystrokes – in a process known as “key logging.” This lets cyber thieves gain access to a user’s bank account where they can steal money or take personal identification.

"The harm done by Citadel shows the threat that botnets, malicious software and piracy pose to individuals and businesses around the world," Brad Smith, Microsoft’s general counsel, said in a recent statement carried by TMCnet. "Today's coordinated action between the private sector and law enforcement demonstrates the power of combined legal and technical expertise and we're going to continue to work together to help put these cybercriminals out of business."

In addition, Microsoft has filed a civil suit against the cybercriminals operating the Citadel botnets. The company is cutting off communication between 1,462 Citadel botnets and the millions of infected computers – after getting the go-ahead from a federal court.

On Wednesday, Microsoft and U.S. marshals seized data and evidence from the botnets, including computer servers from two data hosting facilities in New Jersey and Pennsylvania. The FBI has executed court-authorized search warrants connected to the botnets. Foreign investigators, such as Europol, will address botnets in their respective countries as well.

Law enforcement officials in many nations are cooperating with the U.S. inquiry. The countries include: Australia, Brazil, Ecuador, Germany, Holland, Hong Kong, Iceland, India, Indonesia, Spain and the United Kingdom.

In addition, FBI Executive Assistant Director Richard McFeely said, "Creating successful public-private relationships – in which tools, knowledge, and intelligence are shared – is the ultimate key to success in addressing cyber threats and is among the highest priorities of the FBI. We must ensure that, as cyber policy is developed, the ability of the private sector to coordinate in real time with the FBI is encouraged so that a multi-prong attack on our cyber adversaries can be as effective as possible."

Many financial institutions were targeted by the Citadel malware. These include: American Express, Bank of America, Citigroup, Credit Suisse, eBay’s PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo, news reports said. In total, they lost an estimated $500 million.

As of this week, Microsoft’s digital crimes team took down “at least 1,000 of an estimated 1,400 malicious computer networks,” Reuters reported. Some 455 of the 1,000 botnets shut down were hosted in 40 U.S. data centers.

So far, those responsible for running the operations have not been identified, Reuters said. The ringleader is known by the codename of “Aquabox.” He may be from Eastern Europe.

The move by Microsoft and the FBI will hurt the operators financially, however.

"The bad guys will feel the punch in the gut," Richard Domingues Boscovich, assistant general counsel with Microsoft's digital crimes unit, was quoted as saying by Reuters.

Investigators appear confident they will get those responsible.

"We are upping the game in our level of commitment in going after botnet creators and distributors," McFeely said. "This is a more concerted effort to engage our foreign partners to assist us in identifying, locating and, if we can, get US criminal process on these botnet creators and distributors."




Edited by Alisen Downey