Microsoft and the FBI say they have significantly disrupted a ring of botnets that has stolen $500 million in the last 18 months.
The Citadel botnet ring was made up of 1,400 individual botnets – networks of malware-infected PCs. Cyber criminals used the network to steal online banking log-ins.
The ring had amassed some 5 million infected machines in over 90 countries. Organisations affected include American Express, Bank of America, Citigroup, Credit Suisse, PayPal and HSBC.
The software giant filed a civil suit against the botnet's operators, and was authorised by the US District Court to disconnect them from the infected PCs. The FBI provided global law enforcement agencies with the information they needed to take action.
This has scuppered 1,000 of the 1,400 botnets, Microsoft claims.
Citadel was developed using augmented source code from the Zeus toolkit. The infection recorded the user's keystrokes to extract usernames and passwords for online banking sites. It also blocked anti-virus sites so the user could not update their security software.
Microsoft said that the criminals had used counterfeit serial numbers for its Windows XP operating system in developing the malware.
“Today’s actions represent the future of addressing the significant risks posed to our citizens, businesses and intellectual property by cyber threats and malicious software, which are often enabled by counterfeit and unlicensed software,” said FBI executive assistant director Richard McFeely in a statement.
“Creating successful public-private partnerships – in which tools, knowledge and intelligence are shared – is the ultimate key to success in addressing cyber threats and is among the highest priorities of the FBI,” McFeely said.