Kneber botnet hits 75,000 computers


A newly discovered botnet has already infected 75,000 computers at more than 2,000 organisations, according to security firm NetWitness.

The "Kneber" botnet spreads the Zeus trojan to takeover computers.

Kneber then gathers login details for everything from financial systems to social networking systems, forwarding such useful data over to "miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities," NetWitness said.

The firm said it discovered the botnet last month, but it has been up and running for a year. Once it looked into the problem, it uncovered the scale of the infection had hit Facebook, Yahoo, Hotmail, corporate email systems and 2,000 SSL certificate files.

NetWitness chief executive Amit Yoran said: "These large-scale compromises of enterprise networks have reached epidemic levels."

"Conventional malware protection and signature based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats," he added in a statement, echoing reports that just 10 per cent of antivirus systems are spotting this version of the Zeus trojan.

"Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks."

NetWitness also noted that half of the computers affected by Kneber were also hit by another botnet, called Waledac. "The coexistence of ZeuS and Waledac suggests the goals of resilience and survivability and potential deeper cross-crew collaboration in the criminal underground," the company said.