Giant botnet infiltrates 2,500 organisations

A botnet consisting of over 74,000 malware-infected PCs has accumulated a gigantic cache of stolen data, taken from over 2,500 businesses and government organisations across the world, a US security vendor claimed yesterday.

NetWitness found that the botnet, which it has dubbed ‘Kneber’, has over the past 18 months accumulated “68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and dossier-level data sets on individuals including complete dumps of entire identities from victim machines”, according to a company statement.

A Wall Street Journal report said that the affected companies included Paramount Pictures and Juniper Networks, as well as 10 US government agencies.

NetWitness said that the botnet is based on a notorious – and freely available – piece of malware called ZeuS. "Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information, but that viewpoint is naïve," said Alex Cox, a principal analyst at the company. Based on NetWitness’ analysis, he said, it is clear that ZeuS has a more diverse set of objectives, and targets many more kinds of information, than previously thought.

The company said that there is some evidence linking the botnet to criminal gangs in Eastern Europe, and that computers based in China may have been involved.

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...
