Almost 2,500 firms hit by united botnets
Security researchers have found that one ZeuS botnet has not only turned more than 74,000 PCs at 2,500 firms into remote spying platforms; 50% of the infected machines are also working hand-in-hand with a Waledac botnet, The Register reported. The coordinated attack on the networks of companies and government agencies began 18 months ago and targeted email passwords, login credentials, and other sensitive data.
According to the network forensic firm NetWitness, many of the victims are Fortune 500 firms in the financial, energy, and high technology industries.
“The botnet is still active and still actively being managed by the organized criminal activity behind it,” NetWitness CTO Tim Belcher told The Register. “Over the last month, we’ve seen it retask its (victim) members half a dozen times looking for different types of information.”
Belcher said that the attack used command-and-control servers located in Germany and the Netherlands, while the domain names were mostly registered in China. A report in The Wall Street Journal mentions companies like pharmaceutical giant Merck and healthcare provider Cardinal Health in connection with the case. Both companies admitted to being affected, the paper said. Unnamed sources said that Paramount Pictures and Juniper Networks were also infiltrated.
“The findings are the latest to cast doubt on the ability of Fortune 500 companies and government agencies to secure their networks against a rising cast of well-funded hackers sponsored by nation states or organized-crime gangs,” The Register summed up in its article. And Belcher said: “It tells me our approach to net security is failing on a broad scale.”
However, the guys at NetWitness had to clarify some points about the ongoing coverage of their research results. First of all, they stated on their corporate blog that Kneber is not a pseudonym for ZeuS, and that ZeuS is only a tool used by many groups to create command and control systems. So there is no “The ZeuS Botnet”.
“When we discuss threat, we are referring to more than the tool used, but the organization behind them,” Tim Belcher and Alex Cox wrote.
Second, the blog post responded to the Symantec quote carried by the Guardian, KrebsOnSecurity and others:
“This quote is particularly troubling, as it seems to minimize the threat and is almost dismissive. Moreover, when this particular variant was analyzed in late January (various services used), Symantec did NOT detect this as malicious. To be fair, McAfee, Trend Micro, AVG, and most other mainstream anti-virus solutions also failed to recognize this as malicious. In the past 3 weeks, Symantec has added signatures to detect this particular variant as a generic “Trojan Horse”.”

