
New botnet makes huge impact

19 Feb 2010

A massive botnet infection affecting 75,000 systems in 2500 organisations around the world has been discovered by a US computer security firm.

“The newly-discovered infestation, dubbed the ‘Kneber botnet’ after the username linking the infected systems worldwide, gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information to miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities,” Virginia-based NetWitness said in a statement.

NetWitness first discovered the Kneber botnet in January during a routine deployment of its advanced monitoring solutions. Deeper investigation revealed an extensive compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and dossier-level datasets on individuals including complete dumps of entire identities from victim machines.

Amit Yoran, CEO of NetWitness, says the discovery makes the Aurora attack, involving Google’s China operation, look pale in comparison. Botnets are networks of compromised computers that can be remotely controlled to steal information and distribute spam and malware. Like the Aurora attack, the botnet was spread by luring innocent employees of the various companies and organisations to download infected software through sites controlled by the, or by opening email attachments.

“These large-scale compromises of enterprise networks have reached epidemic levels,” Yoran said. “Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organisations across the globe. Conventional malware protection and signature based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats.

“Organisations which focus on compliance as the objective of their information security programs and have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage already has occurred. Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks.”
