A new type of Trojan has attacked 750,000 computers around the world, affecting 2,500 companies and government agencies.
According to security researchers at NetWitness, the new ZeuS botnet – dubbed the ‘Kneber botnet’ after the username linking the infected systems – has been in operation for 18 months.
NetWitness says the botnet gathered information including 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and ‘dossier-level’ data sets on individuals, including complete dumps of entire identities from victim machines.
It also gave the attackers remote access inside the compromised networks.
The information gathered was used to break into accounts, steal corporate and government information, and replicate personal, online and financial identities, says NetWitness.
“Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information, but that viewpoint is naive,” said Alex Cox, who discovered the Kneber botnet.
“When we began to detect the correlation among both the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on advanced threats such as ZeuS and consider more diverse mission objectives.”
Over half the machines infected with Kneber were also infected with Waledac, a peer-to-peer botnet, NetWitness said.