
Botnet is used to steal login credentials and much more

The number of criminal groups operating online that attempt to steal information and money from unsuspecting consumers, businesses, and governments is staggering. As these groups find ways to infect computers, the data of millions of people across the world is at risk.

Internet security firm NetWitness has issued a press release stating that it has discovered a new ZeuS botnet dubbed the Kneber botnet. The botnet is believed to be infecting as many as 75,000 computers in 2,500 organizations around the world. The botnet infects computers and then steals login credentials for online financial institutions, social networking sites, and email accounts.

NetWitness reports that it first discovered the Kneber botnet in January during a routine deployment of its NetWitness advanced monitoring solution. Investigation showed that the number of compromised computer systems in both government and commercial institutions was staggering. Data ranging from logins to complete dumps of identities from victim machines was being harvested.

NetWitness CEO Amit Yoran said, "While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet. These large-scale compromises of enterprise networks have reached epidemic levels. Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.

Conventional malware protection and signature-based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats. Organizations which focus on compliance as the objective of their information security programs and have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage already has occurred. Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks."

NetWitness points out that while many analysts are classifying ZeuS as a trojan that steals online banking information, a more diverse mission for the botnet needs to be considered. More than half the systems infected with Kneber were also infected with a peer-to-peer botnet called Waledac, suggesting a high level of cooperation between cyber criminal groups.

The Washington Post reports that Yoran said the attacks don't appear to be related to the attack that took place against Google. The attack against Google last year resulted in the loss of corporate IP and led to a blowup between Google and the Chinese government. Google threatened to leave the Chinese search market due to repeated attacks.



Comments

RE: 75000 Computer Globally?? no big deal
By GaryJohnson on 2/18/2010 2:05:38 PM , Rating: 2
So you're agreeing then that this is totally unimportant for the vast majority of users whose PCs are uninfected?

If someone were to run up and smash your PC into pieces with a hammer, it would be a big deal to you, but would it be something every tech site on the planet would need to copypasta a story about?

To put this in perspective, in 2009 Conficker was estimated to have infected between 9 million and 15 million PCs. That was a big deal.


RE: 75000 Computer Globally?? no big deal
By ElderTech on 2/18/2010 2:31:26 PM , Rating: 2
But from a "reported" to "actual" perspective, it's in most cases at least a 1 to 10 ratio, and often much greater. In this case, 1,000,000 possible infections wouldn't be out of line. And if the infections are counted as one per network, the number affected could be staggering. As with all initial reports like this, it remains to be seen what the ramifications will be, but it's a heads up for everyone involved in security.


By Lerianis on 2/20/2010 12:06:09 AM , Rating: 2
And how many of these PCs with this botnet are still running insecure central Windows XP? Probably almost all of them!
















Copyright 2014 DailyTech LLC.