June 16, 2013
Kneber botnet described as 'massive' and 'worldwide'

A new credential-gathering virus has spread worldwide (75,000 computers are thought to be infected), lifting login information for email, social networking and online banking.

Described as "incredibly hard to detect," the Kneber botnet has already compromised nearly 2500 public and private sector networks globally. NetWitness CEO Amit Yoran vaguely described the large-scale security breach in a statement:

"While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet. These large-scale compromises of enterprise networks have reached epidemic levels...

Conventional malware protection and signature-based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats. Organizations which focus on compliance as the objective of their information security programs and have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage already has occurred. Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks."

NetWitness reports that the Kneber botnet has been operating for roughly a year, and in just over 4 weeks, it was able to harvest 68,000 login credentials. No new advice has been offered for avoiding this particular infection, but users are advised to keep security and anti-virus software up to date, avoid downloads from unknown sources and exercise caution when clicking links in email.