A new type of virus has infected over 75,000 machines in 2,500 organisations around the world, an internet security firm has claimed.
According to NetWitness, the ‘Kneber botnet’ gathers login credentials for online banking systems, social networking sites and email systems from infected PCs and passes them on to cyber criminals.
The firm first discovered the botnet in January during a routine deployment of its software. Further investigation revealed the data collected by the malware included 68,000 corporate login credentials, and access to sites including Facebook and Hotmail.
Amit Yoran, CEO of NetWitness, said: "These large-scale compromises of enterprise networks have reached epidemic levels. Cyber criminal elements like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe. Conventional malware protection and signature based intrusion detection systems are by definition inadequate for addressing Kneber or most other advanced threats.”
Over half the machines infected with Kneber also were infected with Waledac, a peer to peer botnet. The coexistence of ZeuS and Waledac suggests the goals of resilience and survivability and potential deeper cross-crew collaboration in the criminal underground.