What the Zeus!? Kneber botnet unmasked

Media reports from yesterday about a "broad new hacking attack" against corporations and government agencies gained a lot of attention.

Here are just a handful of the heart-stopping headlines we saw:

* More than 75,000 computer systems hacked in one of largest cyber attacks, security firm says
* 'Kneber' Attack Shows Extensive Vulnerability of Corporate Computer Networks
* Kneber botnet steals log-ins to 75,000 companies
* Trove of 68,000 stolen logons in hands of 'amateur' hackers

Inevitably many people have contacted Sophos asking about the mysterious "Kneber botnet", and whether we can protect computers
against it.

Obviously botnets are a big problem, but what many of the reports have missed is that "Kneber" is just another name for a family of malware which has been in existence for over two years called Zeus or ZBot.

Here, for instance, is a blog post from late 2007 where Fraser Howard of SophosLabs discussed one of the earliest versions of Zeus:
"Zbot (aka Prg) banking Trojan distribution".

We have discussed many many more aspects and examples of Zbot/Zeus since, including last year I revealed on the Clu-blog that a man and woman were arrested in Manchester, UK, in relation to a strain of the Zbot/Zeus Trojan that they were allegedly spreading.

So, in reality, Kneber is nothing new at all. It's just that the media latched onto a new name for a known threat.


Source: Sophos