
Botnet is used to steal login credentials and much more

The number of criminal groups that operate online attempting to steal information and money from unsuspecting consumers, businesses, and governments is staggering. As hacker groups find ways to infect computers, the data of millions of people across the world is at risk.

Internet security firm NetWitness has issued a press release stating that it has discovered a new ZeuS botnet dubbed the Kneber botnet. The botnet is believed to be infecting as many as 75,000 computers in 2,500 organizations around the world. The botnet infects computers and then steals logon credentials for online financial institutions, social networking sites, and email accounts.

NetWitness reports that it first discovered the Kneber botnet in January during a routine deployment of its NetWitness advanced monitoring solution. Investigation showed that the number of compromised computer systems in both the government and commercial institutions was staggering. Data ranging from logins to complete dumps of identities from victim machines was being harvested.

NetWitness CEO Amit Yoran said, "While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet. These large-scale compromises of enterprise networks have reached epidemic levels. Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.

"Conventional malware protection and signature-based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats. Organizations which focus on compliance as the objective of their information security programs and have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage already has occurred. Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks."

NetWitness points out that while many analysts are classifying ZeuS as a trojan that steals online banking information, a more diverse mission for the botnet needs to be considered. More than half the systems infected with Kneber were also infected with a peer-to-peer botnet called Waledac, suggesting a high level of cooperation between cyber criminal groups.

The Washington Post reports that Yoran said the attacks don't appear to be related to the attack that took place against Google. The attack against Google last year resulted in the loss of corporate IP and led to a blowup between Google and the Chinese government. Google threatened to leave the Chinese search market due to repeated attacks.



Comments

Banks do not protect you from password teft
By BlaneWoodard on 2/18/2010 11:18:36 AM , Rating: 2
Has anyone uncovered a way for a pc user to detect this infection?




By MrBlastman on 2/18/2010 11:43:13 AM , Rating: 3
netstat -an and a packet sniffer?


By BlaneWoodard on 2/18/2010 11:43:48 AM , Rating: 2
Wireshark-level investigation seems out of reach for most people.


By karielash on 2/19/2010 2:57:29 AM , Rating: 2
In most corporate and/or banking networks the installation of a packet sniffer is likely to get you fired (if you're lucky) or worse.

So while it may (or may not) be out of reach for most people, its use sure as hell will be.


RE: Banks do not protect you from password teft
By frobizzle on 2/18/2010 12:59:08 PM , Rating: 2
By MrBlastman on 2/18/2010 2:23:58 PM , Rating: 2
LSOF is also really useful in a UNIX environment to find files that are open and in use.

I suppose the Microsoft equivalent might be process explorer.


By chagrinnin on 2/18/2010 11:54:04 AM , Rating: 2
Tevs suck


By BushStar on 2/18/2010 11:51:59 AM , Rating: 2
I saw 3 computers infected with Zeus last week, they were spotted connecting to blacklisted IP addresses. Disinfecting was simpler than most of the malware we now see. ComboFix and MWAB alone were enough to remove the infection. Though whether these Zeus infected computers were connecting to the Kneber network is another matter. I'll check if the name of the botnet these computers were connecting to is known and report back.
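
The two checks mentioned in this thread, `netstat -an` and spotting connections to blacklisted IP addresses, can be combined. The following is an added example, not code from the article or from any commenter: it parses saved `netstat -an` output and flags rows whose remote address falls in a blocklist. The function names are hypothetical, the sample output and blocklist are constructed (documentation address ranges, not real indicators), and it assumes the Windows/Linux `addr:port` column format.

```python
import ipaddress

# Constructed sample of `netstat -an` output (Windows-style and Linux-style rows).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     203.0.113.45:80        ESTABLISHED
  TCP    192.168.1.20:49713     198.51.100.7:443       ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
tcp        0      0 10.0.0.5:51514          203.0.113.99:8080       ESTABLISHED
tcp6       0      0 2001:db8::5:40000       2001:db8:bad::1:443     TIME_WAIT
  UDP    0.0.0.0:5353           *:*
"""

# Constructed blocklist: documentation ranges standing in for a real feed.
SAMPLE_BLOCKLIST = ["203.0.113.0/24", "2001:db8:bad::/48"]


def split_endpoint(endpoint):
    """Split an 'addr:port' or '[addr]:port' column into (ip_address or None, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    try:
        return ipaddress.ip_address(host), port
    except ValueError:
        return None, port  # '*' wildcard or other non-address text


def flag_connections(netstat_text, blocklist):
    """Return (proto, local, remote, state) for rows whose remote IP is blocklisted."""
    nets = [ipaddress.ip_network(n) for n in blocklist]
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith(("tcp", "udp")):
            continue  # header or unrelated line
        # The columns containing ':' are the endpoints: local first, remote second.
        endpoints = [f for f in fields if ":" in f]
        if len(endpoints) < 2:
            continue
        remote_ip, _ = split_endpoint(endpoints[1])
        if remote_ip is None or remote_ip.is_unspecified:
            continue  # listening sockets and wildcards have no real peer
        if any(remote_ip in n for n in nets):  # IPv4/IPv6 mismatch is simply False
            last = fields[-1]
            state = last if last.isalpha() or "_" in last else ""
            hits.append((fields[0], endpoints[0], endpoints[1], state))
    return hits
```

A single snapshot only shows connections open at that moment, so a check like this is more useful run on a schedule or alongside firewall and proxy logs.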


Small Fry.
By dark matter on 2/18/2010 10:50:58 AM , Rating: 2
How many PCs are there globally? What is the % infected with this particular virus/trojan/etc.?

Not as good a headline figure I guess.




RE: Small Fry.
By JediJeb on 2/18/2010 2:27:34 PM , Rating: 2
Depends on which 75,000 computers are infected. If they are all inside the largest banks and government offices I would say such a small number could affect a very large number of people worldwide.


RE: Small Fry.
By Aloonatic on 2/19/2010 3:08:50 AM , Rating: 3
quote:
The botnet is believed to be infecting as many as 75,000 computers in 2,500 organizations around the world.
I know that it says "believed to be infecting", so who knows how many actually were/are, but that is 75,000 PCs out of a relatively small sample, in a global context.

1 PC in a banking organisation probably accesses multiple accounts in a day, let alone over a week/year/however long it has been infected for. When you are talking about a business PC being infected it is far more damaging than when your home PC is infected, where only yours/your family's information is at risk. 1 infected PC in a business puts many many more people's information at risk than 1 infected home PC.

Now I know that many will be thinking that banks etc will be well protected, and that they always tell us to be careful and that it's our responsibility to keep our data safe, but after reading all the stories about sensitive information being left in skips out the back of banks for anyone to come along and collect, I don't really trust them. I would not be at all surprised if their IT security is "triple A rated" in their minds, and have been told so by someone who they've paid a lot of money to, when in fact it's pretty useless.


75000 Computer Globally?? no big deal
By krichmond on 2/18/10, Rating: -1
By shin0bi272 on 2/18/2010 11:36:29 AM , Rating: 2
You know... now that I look at that number... you have to wonder what will happen when the other 5.2 billion people in the world get internet access. You think it's bad now with all the re-re's clogging the tubes? Try quintupling the amount of bandwidth hogging n00bz and see how things go.

[speculation]We're gonna need synchronous gigabit internet just to keep the interwebz from coming to a complete halt. [/speculation]


RE: 75000 Computer Globally?? no big deal
By chagrinnin on 2/18/2010 12:42:12 PM , Rating: 3
Relative: Your bank account compromised,...one computer would seem like a big deal.


RE: 75000 Computer Globally?? no big deal
By GaryJohnson on 2/18/2010 2:05:38 PM , Rating: 2
So you're agreeing then that this is totally unimportant for the vast majority of users whose PCs are uninfected?

If someone were to run up and smash your PC into pieces with a hammer, it would be a big deal to you, but would it be something every tech site on the planet would need to copypasta a story about?

To put this in perspective, in 2009 conficker was estimated to have infected between 9 million and 15 million PCs. That was a big deal.


RE: 75000 Computer Globally?? no big deal
By ElderTech on 2/18/2010 2:31:26 PM , Rating: 2
But from a "reported" to "actual" perspective, it's in most cases at least a 1 to 10 ratio, and often much greater. In this case, 1,000,000 possible infections wouldn't be out of line. And if the infections are counted as one per network, the number affected could be staggering. As with all initial reports like this, it remains to be seen what the ramifications will be, but it's a heads up for everyone involved in security.


By Lerianis on 2/20/2010 12:06:09 AM , Rating: 2
And how many of these PCs with this botnet are still running insecure central Windows XP? Probably almost all of them!


Copyright 2014 DailyTech LLC.