Virus attack lays low many computers

The malicious program, or Botnet, can commandeer the operating systems of both residential and corporate computing systems via the Internet. Such botnets are used by computer criminals for a range of illicit activities, including sending e-mail spam, and stealing digital documents and passwords from infected computers. In many cases they install so-called “keystroke loggers” to capture personal information.

The current infection is modest compared to some of the largest known botnets. For example, Conficker, created in late 2008, infected as many as 15 mn computers at its peak and continues to contaminate more than 7 mn systems globally. Currently Shadowserver, an organisation that tracks botnet activity, is monitoring 5,900 separate botnets.

NetWitness said in a release that it had discovered the program last month while the company was installing monitoring systems. The company dubbed it the “Kneber botnet” based on a username that linked the infected systems. The purpose appears to be to gather login credentials to online financial systems, social networking sites and e-mail systems, and then transmit that information to the system’s controllers.

The company’s investigation determined that the botnet has been able to compromise both commercial and government systems, including 68,000 corporate log-in credentials. It has also gained access to e-mail systems, online banking accounts, Facebook, Yahoo, Hotmail and other social network credentials, along with more than 2,000 digital security certificates and a significant cache of personal identity information.

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, CEO of NetWitness and former director of the National Cyber Security Division of the Department of Homeland Security. “Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

The company noted that the new botnet makes sophisticated use of a well-known Trojan Horse  identified as ZeuS.  “Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information,” stated Alex Cox, the Principal Analyst at NetWitness responsible for uncovering the Kneber-bot.  The existence of the botnet was first reported by the ‘Wall Street Journal’.