Kneber just another botnet?
Some experts say it's nothing new and there are many other botnets like it out there
Network World - The Kneber botnet, so christened by security firm NetWitness in describing it to the press, is nothing new and there are many other botnets like it out there, according to a number of other security firms.
[See also from Network World: The Kneber botnet revealed]
Kneber is described as a botnet command-and-control system based on the ZeuS Trojan, a well-know type of malware capable of stealing financial data and login credentials. According to NetWitness, the firm discovered Kneber in January while deploying its network security equipment for a customer, and estimates the botnet has infiltrated "75,000 systems in 2,500 organizations around the world." Other security vendors say expect to find another 100 or more ZeuS-based botnets just like it if you go looking.
Many commend NetWitness for uncovering the server cache of information containing stolen password, login and Web browser information related to the Kneber botnet. But there are probably many more Kneber-like botnets out there today, say some, and because Kneber uses the older version of ZeuS, it doesn't even represent the worst it could do.
What NetWitness uncovered in Kneber with 75GB of information on 75,000 compromised machines over 90 days "is above the median size of a data cache," says Don Jackson, security researcher at SecureWorks, noting most botnet caches his firms has uncovered tend to run 10GB of data for about 23,000 compromised user computers.
But Kneber, he notes, is based on the older 1.2 version of ZeuS now given away for free and is not usually considered what would be used by a "professional high-dollar operator" who would make a lot of effort to hide behind proxies. "If you wanted to go hunting for these things, you could find them every month," he noted.
The most recent version of ZeuS, version 1.3, which was first seen in November of last year, costs thousands, with even a single module costing $10,000 in criminal circles, according to SecureWorks, which is expected to issue an in-depth report about ZeuS 1.3 next Monday. The new version of ZeuS is so deadly, it rips through unauthorized online wire transfers once it gets hold in an infected machine -- and more.
Anyone investing in ZeuS 1.3 is likely to take a lot of trouble to successfully hide the botnet, Jackson notes.
The problem is that Kneber-like botnets are a dime a dozen and certainly nothing new, according to other security firms.
"We're tracking, at any time, about 100 unique ZeuS botnets," says Marc Maiffret, chief security architect at FireEye. "There are constantly-changing variants of it." This is this is one reason it has a chance to evade signature-based malware defenses. But Maiffret also says that he'd characterize a ZeuS botnet controlling 75,000 systems as being of mid to high size.
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- Target attack shows danger of remotely accessible HVAC systems
- Target hackers try new ways to use stolen card data
- Update: Microsoft to patch just-revealed Windows zero-day tomorrow
- NSA spying prompts open TrueCrypt encryption software audit to go viral
- Microsoft warns of Office zero-day, active hacker exploits
- Hackers move to create next Blackhole after 'Paunch' arrest
- Adobe hack shows subscription software vendors lucrative targets
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts