Story image

New botnet makes huge impact

19 Feb 10

A massive botnet infection affecting 75,000 systems in 2500
organisations around the world has been discovered by a US computer security
firm.

“The newly-discovered infestation, dubbed the ‘Kneber botnet’
after the username linking the infected systems worldwide, gathers login
credentials to online financial systems, social networking sites and email
systems from infested computers and reports the information to miscreants who
can use it to break into accounts, steal corporate and government information,
and replicate personal, online and financial identities,” Virginia-based
NetWitness said in a statement.

NetWitness first discovered the Kneber botnet in January
during a routine deployment of its advanced monitoring solutions. Deeper
investigation revealed an extensive compromise of commercial and government
systems that included 68,000 corporate login credentials, access to email
systems, online banking sites, Facebook, Yahoo, Hotmail and other social
networking credentials, 2,000 SSL certificate files, and dossier-level data
sets on individuals including complete dumps of entire identities from victim
machines.

Amit Yoran, CEO of NetWitness, says the discovery makes the
Aurora attack, involving Google’s China operation, look pale in comparison. Botnets
are networks of compromised computers that can be remotely controlled to steal
information and distribute spam and malware. Like the Aurora attack, the botnet
was spread by luring innocent employees of the various companies and
organisations to download infected software through sites controlled by the, or
by opening email attachments.

“These large-scale compromises of enterprise networks have
reached epidemic levels,” Yoran said. “Cyber criminal elements, like the Kneber
crew quietly and diligently target and compromise thousands of government and
commercial organisations across the globe. Conventional malware protection and
signature based intrusion detection systems are by definition inadequate for
addressing Kneber or most other advanced threats.

“Organisations which focus on
compliance as the objective of their information security programs and have not
kept pace with the rapid advances of the threat environment will not see this
Trojan until the damage already has occurred. Systems compromised by this
botnet provide the attackers not only user credentials and confidential
information, but remote access inside the compromised networks.”

CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Game review: Just Cause 4 on PC
Rico Rodriguez returns to wreak over-the-top havoc for a fourth time. This time the island nation of Solís is our hero’s sandbox, ripe for destruction.
Hands-on review: Logitech G502 HERO gaming mouse
My favourite feature of the G502s is the ‘Sniper’ button, which is found on the left hand side of the device. When held, this lowers the DPI and allows you to achieve maximum accuracy whilst honing in on a kill on your favourite FPS title.
Interview: ZeniMax Online's game director talks Elder Scrolls Online
FutureFive’s Darren Price sat down with Matt Firor, ESO’s designer and now president and game director at ZeniMax Online.
IDC: Tablets stay dead, notebooks keep head above water
An IDC report predicts a soft personal PC market, slipping into further decline with the exception of notebooks, gaming PCs, and business PC upgrades.
A hands-on guide to Christmas shopping by Santa’s IT elf
Ho, ho, ho! So you’re back again for more inspiration for that hard-to-buy-for person in your life?
Govt commits $15.5m to digital identity research
“With more and more aspects of our lives taking place online it’s critical the government takes a lead to ensure New Zealanders have control of how and who uses their identity information,” says Minister Woods.