Print 17 comment(s) - last by Lerianis.. on Feb 20 at 12:06 AM

Botnet is used to steal login credentials and much more

The number of criminal groups that operate online attempting to steal information and money from unsuspecting consumers, businesses, and governments is staggering. As the hacker groups find ways to infect computers the data of millions of people across the world is at risk.

Internet security firm NetWitness has issued a press release stating that it has discovered a new ZeuS botnet dubbed the Kneber botnet. The botnet is believed to be infecting as many as 75,000 computers in 2,500 organizations around the world. The botnet infects computers and then steals logon credentials to online financial institutions, social networking logins, and email logins.

NetWitness reports that it first discovered the Kneber botnet in January during a routine deployment of its NetWitness advanced monitoring solution. Investigation showed that the number of compromised computer systems in both the government and commercial institutions was staggering. Data ranging from logins to complete dumps of identities from victim machines was being harvested.

NetWitness CEO Amit Yoran said, "While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet. These large-scale compromises of enterprise networks have reached epidemic levels. Cyber criminal elements, like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe.

Conventional malware protection and signature based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats. Organizations which focus on compliance as the objective of their information security programs and have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage already has occurred. Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks."

NetWitness points out that while many analysts are classifying ZeuS as a trojan that steals online banking information, a more diverse mission for the botnet needs to be considered. More than half the systems infected with Kneber were also infected with a peer to per botnet called Waledac suggesting a high level of cooperation between cyber criminal groups.

The Washington Post reports that Yoran said the attacks don't appear to be related to the attack that took place against Google. The attack against Google last year resulted in the loss of corporate IP and led to a blow up between Google and the Chinese government. Google threatened to leave the Chinese search market due to repeated attacks.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Small Fry.
By Aloonatic on 2/19/2010 3:08:50 AM , Rating: 3
The botnet is believed to be infecting as many as 75,000 computers in 2,500 organizations around the world.
I know that that it says "believed to be infecting", so who knows how many actually were/are but that is 75,000 PCs out of a relatively small sample, in a global context.

1 PC in a banking organisation probably accesses multiple accounts in a day, let alone over a week/year/however long it has been infected for. When you are talking about a business PC being infected it is far more damaging than when your home PC is infected, where only yours/your families information is at risk. 1 infected PC in a business puts many many people's information at risk than 1 infected home PC.

Now I know that many will be thinking that banks etc will be well protected, and that they always tell us to be careful and that it's our responsibility to keep our data safe, but after reading all the stories about sensative information being left in skips out the back of banks for anyone to come along and ccollect, I don't really trust them. I would not be at all suprised if there IT security is "tripple A rated" in their minds, and have been told so by someone who they've paid a lot of money to, when in fact it's pretty useless.

"Folks that want porn can buy an Android phone." -- Steve Jobs

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki