The Enterprise Security Supersite
Botnets Found in Government and Business Systems
By Patricia Resende
February 18, 2010 1:51PM

Government and corporate networks around the world have been quietly invaded by the Kneber botnet, creating what may be a criminal underground. Kneber steals credentials and money and is not stopped by traditional protection systems. More than half the 75,000 infected systems have also been compromised by the Waledac peer-to-peer botnet.
 


A new Zeus botnet has been discovered affecting 75,000 systems in 2,500 organizations around the world. Both corporate and government networks have become victims of the severe cyberattack dubbed the Kneber attack, named after the username linked with the attack.

The attack was first discovered in January while a security analyst at Herndon, Va.-based NetWitness was installing a monitoring system for a client. In investigating the discovery, the company found Kneber had compromised 68,000 corporate log-ins; access to various e-mail systems, including Yahoo and Hotmail; access to online banking sites; and access to social-networking sites, including Facebook. All of this was done in a four-week period.

Kneber has been identified as a botnet, a network of compromised computers that run software under remote control.

"Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks," said Amit Yoran, CEO of NetWitness and former director of the National Cyber Security Division.

Damage Done

The Kneber botnet is not stopped by traditional malware protection or other intrusion-detection systems, and NetWitness analysts fear organizations will not see the damage from this attack until it has already occurred.

More than half the infected machines were also infected with a peer-to-peer botnet dubbed Waledac, a worm that is capable of collecting and forwarding password information. It is also capable of receiving commands from a remote server, including commands to upgrade malware components or send information from the infected computer.

Used together, the botnets have the potential to enable hackers to collaborate in what NetWitness said may be a "criminal underground."

"On a microlevel, there are new versions of Trojans and viruses that come out all the time and some gain traction while others do not," said Matthew Prince, cocreator of Project Honey Pot, a spam tracking network. "On the macrolevel it is really scary."

Cybercriminal Revolution

The Zeus line of credential-stealing viruses is like a whole new disease that has emerged in the cyber infection space, according to Prince. The bad guys are taking technology that has emerged through the Zeus virus and leveraging it into newer attacks such as Kneber.

"The revolution that has happened and the supply chain of criminal enterprises that has been built up by the Zeus virus has allowed them to do damage in a way that was not before possible," Prince said.

"These large-scale compromises of enterprise networks have reached epidemic levels," explained NetWitness's Yoran. "Cybercriminal elements like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe."


Anonymous:

Posted: 2010-02-22 @ 5:00pm PT
"I'm just wondering, has Zeus, or Kneber or Waledac, or any other botnet managed to infect any computer which was not running Microsoft Windows?"

The short answer is yes. One of the very first large scale DDoS attacks took place using a botnet that was composed of compromised SUN systems, mostly at universities (which sat on 'fat pipes' and thus were more conducive to facilitating the attack) where the overworked IT staff had not kept the systems patched up.

But yes, Windows is the more popular target just because, presuming you can find an exploit, you've got a greater number of potential un-patched systems available to subvert.

Also many of these attacks will use multiple vectors to try and get their code on a system, if that means hacking older versions of blog software (most often running on UNIX systems with Apache for their webservers) in order to insert cross site scripting attacks that send people to sites designed to exploit bugs in their browsers, JavaScript, or older versions of Flash or some other 'trusted' web-plugin, they'll do it. Note that in those cases the OS on both ends, the webserver, and browser might be completely patched and up to date, and the vector ends up being something like bloggersoftware==>browserplugin.

Also social engineering is more and more common, compromising a social networking site to send a message to all contacts to say 'checkout this amazing video I just found' and directing the user to a site that asks them to install their special 'viewer' software to see the promised video, and tricking the user into running a 'viewer installer' (with versions for Windows, Mac and Linux) that installs the botnet software, which then sends that 'checkout this cool video' message out to all of YOUR contacts.

That's more and more prevalent, because no matter what OS they are on, no matter how secure the OS and browser are, and how up to date everything is: "You can't patch stupid."

Anonymous:

Posted: 2010-02-22 @ 2:01pm PT
"I'm just wondering, has Zeus, or Kneber or Waledac, or any other botnet managed to infect any computer which was not running Microsoft Windows?"

It's not a matter of whether or not they failed to infect an OS other than Windows, the case is that they were simply not written to look at anything other than Windows.

It's a matter of the number of hackers attacking the OS more than the OS itself. If another OS was in use in 90% of PCs that OS would be attacked instead.

Imagine an infinite number of monkeys banging away at keyboards...

Anonymous:

Posted: 2010-02-22 @ 7:46am PT
I am an AT&T DSL subscriber and they provide McAfee anti virus software to DSL customers.
Even though my account is current, McAfee will often periodically shut down all protection and one has to click a button to "Fix This" just to verify my subscription is current.
This makes me angry because during one such period, I was infected by trojans. McAfee could not detect it and my computer hangs after 10-15 minutes and the keyboard is locked with a constant humming sound. CPU shows high use and CTRL-ALT-DEL fails to bring up Task Manager and the only thing I can do is to shut off power - hard reboot.
I am worried about what damage has been done - what data has been stolen. I am going to complain to the attorney general.

Anonymous:

Posted: 2010-02-21 @ 5:15pm PT
I'm just wondering, has Zeus, or Kneber or Waledac, or any other bot net managed to infect any computer which was not running Microsoft Windows?


