Botnet Strikes 2,500 Organizations Worldwide
Kneber, a ZeuS Botnet Variant, Said to Infect 75,000 Systems

A newly discovered infestation dubbed Kneber, a variant of the ZeuS botnet, has affected 75,000 systems in 2,500 organizations worldwide, according to NetWitness, a provider of persistent threat detection and network forensics products. NetWitness said an investigation it began last month revealed an extensive compromise of commercial and government systems that included 68,000 corporate login credentials; access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials; 2,000 SSL certificate files; and dossier-level data sets on individuals, including complete dumps of entire identities from victim machines.
NetWitness said it labeled the new botnet Kneber after the username linking the infected systems worldwide. Kneber, according to NetWitness, gathers login credentials to online financial systems, social networking sites and e-mail systems from infected computers and reports the information to miscreants, who can use it to break into accounts, steal corporate and government information and replicate personal, online and financial identities.
Amit Yoran, NetWitness chief executive officer, said the Operation Aurora attacks on Google and others pale in comparison to this single botnet, which sheds light on advanced threats from adversaries. "These large-scale compromises of enterprise networks have reached epidemic levels," Yoran, the onetime director of the Department of Homeland Security's National Cybersecurity Division, said in a statement. "Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks."
Alex Cox, the NetWitness principal analyst who the company said uncovered Kneber, said many security analysts classify ZeuS solely as a Trojan that steals banking information, a viewpoint he characterizes as naïve because other types of data also were exposed.
Cox said more than half the machines infected with Kneber also were tainted with the peer-to-peer Waledac botnet. He said the coexistence of ZeuS and Waledac suggests the goals of resilience and survivability, and potentially deeper cross-crew collaboration in the criminal underground.