At the end of February 2013 NASK (Research and Academic Computer Network) – the .pl
ccTLD Registry – and CERT Polska (an incident response team operated by NASK) took
over 3 .pl domains used by one of the Citadel botnets known as plitfi. This botnet
was used to steal information sent to websites and was mainly targeting Polish users.
According to the information gathered by CERT Polska, 11 730 different machines were
infected by this malware. Most of the connections made to the C&C server originated
from Europe and Japan, with 77% of them made from Poland. This report outlines the
inner workings of the botnet, ways in which the data was stolen and various statistics
derived from observations made as a result of the sinkholing of the botnet.
Read more: http://www.cert.pl/PDF/Report_Citadel_plitfi_EN.pdf