A massive botnet infection affecting 75,000 systems in 2500 organisations around the world has been discovered by a US computer security firm.
“The newly-discovered infestation, dubbed the ‘Kneber botnet’ after the username linking the infected systems worldwide, gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information to miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities,” Virginia-based NetWitness said in a statement.
NetWitness first discovered the Kneber botnet in January during a routine deployment of its advanced monitoring solutions. Deeper investigation revealed an extensive compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and dossier-level datasets on individuals including complete dumps of entire identities from victim machines.
Amit Yoran, CEO of NetWitness, says the discovery makes the Aurora attack, involving Google’s China operation, look pale in comparison. Botnets are networks of compromised computers that can be remotely controlled to steal information and distribute spam and malware. Like the Aurora attack, the botnet was spread by luring innocent employees of the various companies and organisations to download infected software through sites controlled by the, or by opening email attachments.
“These large-scale compromises of enterprise networks have reached epidemic levels,” Yoran said. “Cyber criminal elements, like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organisations across the globe. Conventional malware protection and signature based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats.
“Organisations which focus on compliance as the objective of their information security programs and have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage already has occurred. Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks.”