Massive cyber attack targets 2,500 businesses in 18 months

Patrick Stafford

A new cyber attack designed to steal the login details of users on sites such as Facebook and Yahoo has been flagged as potentially more dangerous than the infamous Conficker worm.

Security firm NetWitness recently discovered the existence of the Kneber botnet, a new form of malware which has so far infected over 74,000 computers worldwide and has attacked over 2,500 corporate and government organisations over the past 18 months.

In its whitepaper report, the firm said Kneber is acting as a type of botnet known for stealing login information, with a Trojan known as “Waledac” infecting computers. It is understood this Waledac Trojan was also associated with the Conficker worm.

So far the botnet has affected over 190 countries, but the US, Egypt, Mexico, Saudi Arabia and Turkey have recorded the highest number of infections.

NetWitness chief executive Amit Yoran said in a statement that a cache of 75GB worth of data has been stolen by the botnet, which includes thousands of login details for corporate Facebook, Yahoo and Hotmail accounts.

It is understood this cache also includes credit card details and a large amount of intellectual property.

“Disturbingly, the data was only a one-month snapshot from a campaign that has been in operation for more than a year,” he said in a statement.

While the whitepaper did not specify the corporations involved in the attacks, a separate report from the Wall Street Journal has claimed pharmaceutical giant Merck & Co., Paramount Pictures, Juniper Networks and Cardinal Health are among some of the companies hit by the botnet.

Additionally, the report stated many infections have occurred after users have clicked on phishing emails, which then linked to several sites containing malware.

Yoran said in a statement the problem is more serious than a normal piece of spyware, and that “conventional” protection methods won’t necessarily keep business networks safe.

“Conventional malware protection and signature-based intrusion detection systems are, by definition, inadequate for addressing Kneber or most other advanced threats,” he said. “Systems compromised by this botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised networks.”

It is also understood the botnet targets Windows machines, with the Windows XP Professional operating system receiving most of the attacks.

And while the cyber attack is primarily targeted at business and government users, home networks can also be affected. NetWitness has advised users to ensure their virus protection software is up to date and that suspicious emails and links are not opened.