New botnet makes huge impact

19 Feb 10

A massive botnet infection affecting 75,000 systems in 2,500
organisations around the world has been discovered by a US computer security

“The newly-discovered infestation, dubbed the ‘Kneber botnet’
after the username linking the infected systems worldwide, gathers login
credentials to online financial systems, social networking sites and email
systems from infested computers and reports the information to miscreants who
can use it to break into accounts, steal corporate and government information,
and replicate personal, online and financial identities,” Virginia-based
NetWitness said in a statement.

NetWitness first discovered the Kneber botnet in January
during a routine deployment of its advanced monitoring solutions. Deeper
investigation revealed an extensive compromise of commercial and government
systems that included 68,000 corporate login credentials, access to email
systems, online banking sites, Facebook, Yahoo, Hotmail and other social
networking credentials, 2,000 SSL certificate files, and dossier-level data
sets on individuals including complete dumps of entire identities from victim

Amit Yoran, CEO of NetWitness, says the discovery makes the
Aurora attack, involving Google’s China operation, look pale in comparison. Botnets
are networks of compromised computers that can be remotely controlled to steal
information and distribute spam and malware. Like the Aurora attack, the botnet
was spread by luring innocent employees of the various companies and
organisations to download infected software through sites controlled by the, or
by opening email attachments.

“These large-scale compromises of enterprise networks have
reached epidemic levels,” Yoran said. “Cyber criminal elements, like the Kneber
crew, quietly and diligently target and compromise thousands of government and
commercial organisations across the globe. Conventional malware protection and
signature-based intrusion detection systems are by definition inadequate for
addressing Kneber or most other advanced threats.

“Organisations which focus on
compliance as the objective of their information security programs and have not
kept pace with the rapid advances of the threat environment will not see this
Trojan until the damage already has occurred. Systems compromised by this
botnet provide the attackers not only user credentials and confidential
information, but remote access inside the compromised networks.”

