Egypt and Saudi snared in ‘dangerous’ botnet

NetWitness reveals that Middle Eastern countries are some of the worst hit by new cyber attack

Tags: BotnetCyber crimeMalwareUnited Arab Emirates
  • E-Mail
Egypt and Saudi snared in ‘dangerous’ botnet Middle Eastern countries are some of the worst affected by the Kneber botnet that has infected 75,000 machines around the world.
By  Vineetha Menon Published  February 22, 2010

Egypt is the country worst affected by a "dangerous new" botnet that has control of 75,000 systems around the world, according to the US-based internet security firm NetWitness.

Dubbed ‘Kneber', the botnet is said to involve 75,000 zombie machines in 2,500 organisations globally, gathering login credentials to online financial systems, social networking sites and email systems from infected computers.

NetWitness warns that the information is being reported to cybercriminals who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities.

Edward Schwartz, chief security officer at NetWitness, says that companies in the Middle East are among the most affected by the Kneber botnet.

"The country with the most machines affected out the 75,000 was Egypt with almost 7,000. Saudi Arabia came in third with almost 4,700 and Kuwait had almost 1,500," revealed Shwartz. "The Emirates (UAE) total was relatively low, with only 50 devices, but we found that there was no specific country or market-sector being targeted."

NetWitness first discovered the Kneber botnet in January and further investigation revealed widespread compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials.

Both Trend Micro and Symantec say the threat is "nothing new", with a Symatec specialist arguing that Kneber is simply a pseudonym for the prevailing Zeus Trojan. "Though it is true that this Kneber string of the overall Zeus botnet is fairly large, it does not involve any new malicious threats," a statement from the anti-virus firm reads.

However Tim Belcher and Alex Cox from NetWitness counter their dismissive claims by clarifying that it's not merely a pseudonym for ZeuS. "Kneber refers to one group of organized criminals, one group of Command and Control Systems, and 74,000+ infected victim systems for this particular ZeuS (primarily) botnet. ZeuS is a tool, used by many groups to create command and control systems, and steal information."

They also state that though Kneber is a medium-sized infestation compared to all the tracked ZeuS botnets on the internet, it's still valuable because of the opportunity to analyse the large sample of stolen information and that "trivializing the damage done is simply disingenuous by anyone who has seen the types of data stolen from threats such as these."

3343 days ago
Vijay Edited by ITP.net

I somehow believe that SOME if not all of the AntiVirus companies are either hand-in-gloves or liaising with the unethical hacking / cyber criminal community. Its what keeps their business running. If all of the network was free of viruses, who would need to buy their products. Its a dangerous game being played by the commercial exploiters of innocent computer users. I believe a solution to this would be a Non-Profit Security Company that can mitigate if not wipe off these attacks. Sure enough i don't deny that there are also organized crime networks doing the damage ... but i also feel there is a commercial aspect to this whole gameplan. Forgive my open thoughts but its something to think about!!!

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code