Global Botnet Attack Hits Enterprise, Government PCs — InformationWeek
Over 74,000 personal, corporate and government computers at over 2,500 organizations around the world have been found to be zombies in the newly discovered "Kneber botnet." Late last month, NetWitness, a computer security company headed by former DHS cybersecurity director Amit Yoran, discovered over 75 GB of stolen data as part of its routine enterprise analytics activities. The company says that the data turned out to be the product of a botnet of over 74,000 computers, that the malware used to create the botnet was recognized by less than 10% of antivirus software, and that the botnet’s network communication was not recognized by existing intrusion detection systems.
The cache of data represents a month of botnet data collection, and the botnet is estimated to have been operating for about a year. The stolen data includes about 68,000 corporate logins to e-mail accounts, online banking accounts, Facebook, Hotmail, Yahoo accounts and other social networking sites. It also includes almost 2,000 SSL certificate files, which are used for activities like online banking or connecting to a VPN.
NetWitness says that the Kneber botnet was assembled using a variant of the Zeus Trojan, malware that’s widely known for stealing banking credentials. But the compromised PCs — all running Windows, mainly XP or Vista — also show signs of a secondary infection with Waledac, a peer-to-peer spamming botnet. While this is not unusual, NetWitness believes that the data it has analyzed indicates that the two criminal gangs behind these two malware families are cooperating.