Global Botnet Attack Hits Enterprise, Government PCs - InformationWeek

Operating undetected for about a year, the criminals behind the cyberattack had control of more than 74,000 computers.

Over 74,000 personal, corporate and government computers at over 2,500 organizations around the world have been found to be zombies in the newly discovered "Kneber botnet."

Late last month, NetWitness, a computer security company headed by former DHS cybersecurity director Amit Yoran, discovered over 75 GB of stolen data as part of its routine enterprise analytics activities. The company says that the data turned out to be the product of a botnet of over 74,000 computers, that the malware used to create the botnet was recognized by less than 10% of antivirus software, and that the botnet's network communication was not recognized by existing intrusion detection systems.

The cache of data represents a month of botnet data collection and the botnet is estimated to have been operating for about a year. The stolen data includes about 68,000 corporate logins to e-mail accounts, online banking accounts, Facebook, Hotmail, Yahoo accounts and other social networking sites. It also includes almost 2,000 SSL certificate files, which are used for activities like online banking or connecting to a VPN.

Merck, Cardinal Health, Paramount Pictures and Juniper Networks are among the companies believed to have been affected, according to a report in The Wall Street Journal.

Yoran suggests that this botnet makes Operation Aurora, the cyber attack directed at Google and 33 other companies last December, look insignificant. "While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet," he said in a statement. "These large-scale compromises of enterprise networks have reached epidemic levels. Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe."

NetWitness says that the Kneber botnet was assembled using a variant of the Zeus Trojan, malware that's widely known for stealing banking credentials. But the compromised PCs -- all running Windows, mainly XP or Vista -- also show signs of a secondary infection with Waledac, a peer-to-peer spamming botnet. While this is not unusual, NetWitness believes that the data it has analyzed indicates that the two criminal gangs behind these two malware families are cooperating.

The company says that it cannot be certain as to how or by whom this stolen data will be used. Much of the computer and domain infrastructure used to spread the botnet resides in China, though those operating the botnet are believed to be in Eastern Europe.
