‘Kneber’ Botnet Attacks PCs Worldwide: FAQ

Security firm Netwitness has discovered a new botnet that puts the potential threat of last year’s Conficker worm to shame. Called the Kneber botnet, this new form of malware has infected more than 74,000 computer systems across the world and is focused on stealing login credentials for e-mail systems, social networks, and banking sites, according to Netwitness. Kneber is incredibly hard to detect and has reportedly compromised data from nearly 2500 corporate and government and corporate networks around the world. Here’s the latest on what’s going on and how you can protect yourself from joining the ranks of the Kneber botnet.

What is It?

Netwitness says Kneber is a ZeuS Trojan botnet, a type of botnet known for its capability to target and steal key information stored on your computer, such as login credentials. More than half of the computer systems in the Kneber botnet also have the Waledac Trojan–a worm known to create e-mail spam botnets that was recently associated with Conficker.

Where is Kneber?

Netwitness says Kneber controlled machines are in 196 countries. The five countries with the most significant instances of infected machines are Egypt, Mexico, Saudi Arabia, Turkey, and the United States.

Who is Getting Hit?

Kneber targets only Windows machines, and computers are running Windows XP Professional SP2 make up the majority of the botnet army. Netwitness did not report on infections among Windows 7 machines. Kneber is primarily found on machines in corporate and government infrastructures, but home users can be affected as well.

Netwitness hasn’t named which companies have been compromised, but The Wall Street Journal is reporting that affected companies include Merck & Co., Cardinal Health, Paramount Pictures, and software company Juniper Networks Inc.

What is Being Stolen?

Kneber is targeting login credentials for online social networks, e-mail accounts, and online financial services. The top sites with stolen login credentials, according to Netwitness’ report are Facebook, Yahoo, hi5, metroflog, sonico and netlog. While the focus has been on e-mail and social networks, Kneber is now targeting banking sites as well.

How Effective is it?

Netwitness reports that Kneber was able to grab 68,000 login credentials over a 4-week period.

How Old is Kneber?

The botnet has been around for nearly a year, according to Netwitness’ report, but The Wall Street Journal is reporting the botnet campaign has been active for the past 18 months.

What Can I Do To Protect Myself?

Even though the Kneber botnet targets large organizations for infection, your machine at home can still be compromised. This botnet grows its

numbers by convincing users to visit a malicious Website where malware sneaks onto your system or by downloading an e-mail attachment.

As with any form of malware, the best way to protect yourself is to use smart practices when navigating the Web. Don’t download suspicious e-mail attachments, especially from addresses you don’t recognize, and be wary of links to suspicious Websites. Some examples of suspicious links found in e-mail messages include requests for you to log in to your bank account to confirm something or invite you to view a funny video. Finally, always make sure your antivirus program is up to date.

For more information on how to protect yourself online read:

How to Stop 11 Hidden Security Threats

Internet Tips: Think Before You Click to Avoid Viruses and Scams

Picking the Right Security Software

Is Your PC Bot-Net Infested? Here’s How To Tell

Connect with Ian on Twitter (@ianpaul) or on Google Buzz.