Kneber BotNet infects Windows systems

I just read nearly a dozen reports on the Kneber BotNet, and none of them mention that this BotNet only affects Microsoft Windows computer systems. According to the actual NetWitness report, the top five Windows systems affected are variants of Windows XP (Home and Professional, SP 2 and 3), and Vista Home (SP 0, 1, and 2).

Sigh ... I wish websites would report the facts instead of just regurgitating stories from other websites. This morning I had to answer a bunch of questions about whether this affected Mac OS X or Linux systems, and the only way to get the answer was by reading the initial report.

Here are some quotes from the actual NetWitness report:

  • The format and structure of the logged data indicate a ZeuS Trojan botnet.
  • This botnet uses the internal name "BTN1".
  • They estimate BTN1 is composed of over 74,000 hosts.
  • The data analyzed shows the botnet was focused for a period on theft of credentials ... the data analyzed shows over 68,000 stolen credentials over a four-week period.
  • Early data shows the botnet was focused on obtaining data for social network sites, but the latest data shows the botnet is now targeting credentials for banking and digital currency sites.
  • More than half of the ZeuS bots are logging traffic from additional infections on the same host that are indicative of Waledac command and control traffic.

Please visit the website for more detailed information. You'll have to register to download their whitepaper (but they don't actually verify your email address).