The “Kneber” botnet is made up of 74,126 machines in 196 countries that were infected with a variant of Zeus, Alex Cox, a principal analyst at NetWitness and the botnet's discoverer, told SCMagazineUS.com on Thursday.

The stolen data also includes credentials for corporate accounts and online banking sites, Cox said. The gang of hackers behind the attack, believed to be from Eastern Europe, have likely stolen millions of credentials.Cox discovered the botnet on Jan. 26 during routine analysis of a client's enterprise network.


The botnet was named Kneber, after the email address used to register the command-and-control server linking infected systems worldwide, he said.

via Newly discovered Zeus spinoff botnet has wide impact – SC Magazine US.

Here the NetWitness research paper.

From Kneber FAQ :

06. What’s so special about it?

It’s the fact that despite the crimeware’s advanced E-banking sessions hijacking, the primary objective of their campaign — at least based on the sample analyzed by NetWitness researchers — was to steal social networking credentials.

Moreover, the Kneber botnet is a good example of an ongoing trend aiming to build and maintain beneath the radar botnets

Nessun commento.

Aggiungi il tuo commento