Tuesday, February 16, 2010

NetWitness Uncovers Massive ZeuS Botnet

A global botnet known as "Kneber" has compromised some 74,000 PCs worldwide while being detected by fewer than 10% of anti-virus products and eluding corporate intrusion detection systems (IDS), according to a newly published paper by NetWitness, a network security firm based in Herndon, Virginia. The story was first reported by The Wall Street Journal.

The infection is believed to have spread to major corporations and government agencies using a ZeuS trojan attack. The botnet is designed to steal log-in data from web forms, including banking details. Additionally, NetWitness claims the botnet can search for and copy any file that is resident on the host PC. NetWitness's data indicates that the malware is most prevalent on Windows XP and Windows Vista systems. NetWitness said the exploit campaign has been running for over a year and is still active.

The company has posted a 17-page whitepaper on the topic to its website.

  • NetWitness is headed by Amit Yoran, who previously was Director of the US-CERT and National Cyber Security Division of the Department of Homeland Security. He also served as CEO and advisor to In-Q-Tel, the venture capital arm of the CIA.