Posted by: Samker
« on: 18. February 2010., 17:05:50 »

Security firm Netwitness has discovered a new botnet that puts the potential threat of last year's Conficker worm to shame. Called the Kneber botnet, this new form of malware has infected more than 74000 computer systems across the world and is focused on stealing login credentials for e-mail systems, social networks and banking sites, according to Netwitness. Kneber is incredibly hard to detect and has reportedly compromised data from nearly 2500 corporate and government networks around the world. Here's the latest on what's going on and how you can protect yourself from joining the ranks of the Kneber botnet.
What is it?
Netwitness says Kneber is a ZeuS Trojan botnet, a type of botnet known for its ability to target and steal key information stored on your computer such as login credentials. More than half of the computer systems in the Kneber botnet also have the Waledac Trojan--a worm known to create e-mail spam botnets that was recently associated with Conficker.
Where is Kneber?
Netwitness says Kneber-controlled machines are in 196 countries. The five countries with the most significant instances of infected machines are Egypt, Mexico, Saudi Arabia, Turkey and the United States.
Who is getting hit?
Kneber only targets Windows machines, and computers running Windows XP Professional SP2 make up the majority of the botnet. Netwitness did not report on infections among Windows 7 machines. Kneber is primarily found on machines in corporate and government infrastructures, but home users can be affected as well.
Netwitness hasn't named which companies have been compromised, but The Wall Street Journal is reporting that affected companies include Merck & Co., Cardinal Health, Paramount Pictures and software company Juniper Networks Inc.: http://online.wsj.com/article/SB10001424052748704398804575071103834150536.html
What is being stolen?
Kneber is targeting login credentials for online social networks, e-mail accounts and online financial services. The top sites with stolen login credentials, according to Netwitness' report, are Facebook, Yahoo, hi5, metroflog, sonico and netlog. While the focus has been on e-mail and social networks, Kneber is now targeting banking sites as well.
How effective is it?
Netwitness reports that Kneber was able to grab 68,000 login credentials over a 4-week period.
How long has Kneber been around?
The botnet has been around for nearly a year, according to Netwitness' report, but The Wall Street Journal is reporting the botnet campaign has been active for the past 18 months: http://online.wsj.com/article/SB10001424052748704398804575071103834150536.html
What Can I Do To Protect Myself?
Even though the Kneber botnet targets large organizations for infection, your machine at home can still be compromised. This botnet grows its numbers by convincing users to visit a malicious Website where malware sneaks onto your system or to download an e-mail attachment.
As with any form of malware, the best way to protect yourself is to use smart practices when navigating the Web. Don't download suspicious email attachments, especially from addresses you don't recognize, and be wary of links to suspicious Websites. Some examples of suspicious links found in email messages include requests for you to log in to your bank account to confirm something or invitations to view a funny video. Finally, always make sure your antivirus program is up to date.
(PCW)