Kneber Botnet

[begood]

According to Thursday reports about 25000 organizations around the world has been affected by the Botnet. This Botnet is newly discovered virus and affected 75000 systems in these organizations. According to the Va-based detection company Herndon the Net witness have told that this new invasion dubbed the “Kneber Botnet” after the username linking the contaminated system world wide, they gather the user logins qualifications to online economic systems, community network sites and e-mail systems.

This system information is basically used by the hackers. With the help of this information they break into the user accounts and steal the business. They can also steal the government’s important information. The hackers can change the personal, online and financial identities with the help of this information.

The company officials said that Kneber Botnet had snagged about 68000 corporate and personal login qualifications. The sites which have been affected by this discovery include Palo Alto-based Facebook Inc. and Sunnyvale-based Yahoo Inc.’s e-mail system.

According to a report that the Mountain View-based Google Inc. had taken a decision that they will move out of China because the hackers in China have targeted g-mail and its other sites.

Kneber is a ZeuS Trojan Botnet which has the ability to steal the main information from a computer. It only affects the Windows Machines and the computers which are running Windows XP Professional SP2. These computer systems make majority of the Botnet. Though this Botnet targets only the big organizations but they grow there targets by convincing the user to visit the malicious websites and by making them download things from there. So all the computer users be aware of this Botnet.

Kneber Botnet

[DarkIceee]

Recently, Symantec observed some high-profile coverage of a threat being reported as a new type of computer virus known as “Kneber.” In reality Kneber is simply a pseudonym for the Zeus Trojan/botnet. The name Kneber refers to a particular group, or herd, of zombie computers (a.k.a. bots) being controlled by one owner. The actual Trojan itself is the same Trojan.Zbot that also goes by the name Zeus, which has been observed, analyzed, and protected against for some time now.

Since Zeus/Zbot toolkits are widely available on the underground economy, it is not uncommon for attackers to create new strains, such as Kneber, of the overall Zeus botnet. Though it is true that this Kneber strain of the overall Zeus botnet is fairly large, it does not involve any new malicious threats. Thus, Symantec customers with up-to-date security software should already be protected from this threat.

Symantec detects the Zeus Trojan, otherwise known as Trojan.Zbot, as the following:

• Trojan.Zbot

• Trojan.Zbot!gen

• Trojan.Zbot!gen1

• Trojan.Zbot!gen2

• Trojan.Zbot!gen3

• Trojan.Zbot!gen4

• Trojan.Zbot!gen5

• HTTP Trojan Zbot Domain (IPS)

• HTTP Zbot Malicious File Download (IPS)

Check out the blog post Zeus, King of the Underground Crimeware Toolkits on Symantec’s Security Response blog to get a better feel for how an attacker can use the Zeus toolkit to create their very own string of the overall botnet. Also, Symantec has an extensive analysis of the Zeus botnet in the previously published whitepaper entitled Zeus: King of the Bots.

Symantec has also observed cybercriminals seeking to exploit computer users’ fears—spurred by all of the coverage that this threat is receiving—by poisoning search engine results for keywords such as “Kneber Botnet Removal.” In fact, when analyzed by Symantec, the highest ranked result on Google using these search terms led to a site hosting rogue antivirus software

?Kneber? = Zeus | Symantec Connect

ZEUS THE BOSS