Facebook and Maktoob accounts compromised by botnet
Chief security officer for NetWitness reveals the top e-mail and social networking sites affected by Kneber
The Kneber botnet, which has infected 75,000 computers worldwide, has stolen login details from several e-mail and social networking sites including Facebook, Yahoo! and Maktoob.
US-based internet security firm NetWitness discovered the Kneber botnet in January along with a widespread compromise that included corporate login details, access to email systems, online banking sites, Facebook, Yahoo!, Hotmail and other social networking credentials.
"We believe that it (Kneber) was specifically organised to target certain types of usernames and passwords such as corporate passwords, social networking and top portals like Yahoo! and Maktoob," Edward Schwartz, chief security officer at NetWitness told ITP.net
Egypt was found to be the country worst affected by Kneber with close to 7,000 infected systems, followed by Mexico, Saudi Arabia, Turkey, the United States and Pakistan.
While NetWitness will not divulge details of the corporate accounts and companies compromised, Schwartz did say that Facebook login credentials topped the list of compromised social networking and e-mail accounts globally at about 4,000 affected accounts, followed by Yahoo!, hi5, MetroFLOG, Sonico, Netlog and even regional player Maktoob with 535 compromised accounts.
Kneber is just one of many prevailing Zeus botnets today, with several anti-virus vendors dismissing the threat as 'nothing new'. Schwartz reacts to this by saying that their NetWitness has always been about awareness and driving people to take new approaches to securing networks, not competing with the likes of Symantec and McAfee.
"They (AV vendors) are charging people a lot of money for technology that's supposed to work. This is not the only botnet; there are 4 million computers every month that gets compromised from these botnets. If these softwares from all these other vendors are go good, why are all these organisations and private individuals still being infected with Zeus?" asks Shwartz. "These companies are so nervous because they don't want people to fall into this belief that they can't prevent this stuff. The reality is that you're going to be compromised no matter what."
He adds that Kneber is stealing more than just financial information, unlike most traditional Zeus botnets. It had shut down for a couple of hours once news of its existence broke, but has reemerged and NetWitness plans to post updates on it soon.
The company is already working with the FBI and US Department of Homeland Security in relation to government-level breaches, and is said to still be in the process of notifying every single company that has had systems compromised. Customers with up-to-date security software are now protected from the variant in question, but for some, the damage was extensive.
"I had a conference call with an energy company on Sunday...in 12 hours they had 65 megabytes of data stolen. We believe that Kneber has been operating in some organisations for 12 to 18 months. Compare that to 65MB lost in 12 hours and do the math. That's a lot of data," Schwartz stated.