New Zeus botnet discovered in 75,000 systems

Network forensics firm NetWitness has uncovered a new Zeus botnet that it believes could be affecting over 75,000 systems in 2,500 companies worldwide.

The 'Kneber' botnet is said to gather log-in information for financial systems, social networking sites and email systems.

NetWitness said that it first discovered the botnet in January during a routine deployment of its own monitoring solutions. Further investigation showed that huge numbers of commercial and government systems had been compromised.

Amit Yoran, chief executive of NetWitness, claimed that conventional malware protection and signature-based intrusion detection systems are becoming inadequate as large-scale compromises of enterprise networks reach epidemic levels.

"Cyber criminal elements like the Kneber crew target and compromise thousands of organisations across the globe. Those that have not kept pace with the rapid advances of the threat environment will not see this Trojan until the damage occurs," he said.

Alex Cox, a principal analyst at NetWitness, who was responsible for uncovering Kneber, warned that the scale of the threat has ramifications for the entire industry.

"When we detected the correlation between the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on threats such as Zeus," he said.

Cox added that over half of the machines infected with Kneber are also infected with a peer-to-peer botnet known as Waledac, suggesting that the criminals are attempting to give the botnet resilience for "deeper cross-crew collaboration in the criminal underground".

Zeus has long been a thorn in the side of the IT industry. Websense issued a warning last week about a renew ed spate of global attacks targeting staff in government and military departments.