
Kneber Botnet Puts Conficker to Shame

Security firm NetWitness reports that a new form of malware has infected more than 74,000 computers across the globe. Dubbed Kneber, this ZeuS Trojan botnet focuses on stealing user login credentials for banking sites, email accounts, social networks, and more. NetWitness said that the Kneber botnet is difficult to detect and has already compromised data from nearly 2500 government and corporate networks worldwide.

"NetWitness first discovered the Kneber botnet in January during a routine deployment of the NetWitness advanced monitoring solutions," the security firm said. "Deeper investigation revealed an extensive compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and dossier-level data sets on individuals including complete dumps of entire identities from victim machines."

Although the Kneber botnet spans 196 countries, the Kneber-controlled machines mostly reside within the United States, Egypt, Mexico, Saudi Arabia, and Turkey. Naturally, the malware only targets Windows-based PCs, with the majority of the botnet residing on computers running Windows XP SP2. NetWitness said that Kneber was primarily found on corporate and government computers; however, home users are likely to be infected as well.

"Over half the machines infected with Kneber also were infected with Waledac, a peer to peer botnet," the firm said. "The coexistence of ZeuS and Waledac suggests the goals of resilience and survivability and potential deeper cross-crew collaboration in the criminal underground."

While NetWitness didn't offer any suggestions, consumers should keep their antivirus definitions up to date and avoid opening suspicious email attachments.