Zeus tosses some thunderbolts

More than 74,000 PCs at nearly 2,500 organisations were compromised by the Zeus Trojan last year and recruited into a botnet called  “Kneber”.

According to insecurity outfit NetWitness the Kneber botnet is designed to steal login credentials to bank sites, social networks, and e-mail systems.

The Wall Street Journal claims that Merck, Cardinal Health, Paramount Pictures, and Juniper Networks were among the targets in the attack. 

NetWitness thinks that criminals in Eastern Europe, using a command-and-control server in Germany, sent attachments containing the malware in e-mails or links to the malware on Web sites.

The insecurity outfit found more than 75GB worth of stolen data was found during routine analytic tasks as part of an evaluation of a client network on January 26. 

Apparently the tea leafs had half inched 68,000 corporate login credentials, access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail, 2,000 SSL (Secure Sockets Layer) certificate files and personal data. 

Zeus can be used to search for and steal any file on the computer, download and execute programs and allow someone to remotely control the computer.

One of the signatures of the botnet is peer-to-peer bot malware called Waledac, the company said. 

Of course  Kneber and Zeus have been around for a while.  But this is the first time that the extent of the network has been known.  Also it shows that while it has been good at stealing bank details it has also been successful at taking down government systems.