Did a quick search of the Forum on this subject item. Not much, with the exception of Floating_Red's recent post.
http://community.norton.com/t5/Tech-Outpost/Security-Information-Kneber-Zeus/m-p/205486
Which then relates to Symantec's "security response" on this as:
Trojan.Zbot
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99
Makes me wonder. [Among other things -- how does Symantec keep coming up with these "Risk Very Low" evaluations for such killer bots?? (2) already happened to me, on past, very bad infections.]
Are we NIS-types safe from things like this Kneber? Kinda scary.
A couple of recent (today) articles on Kneber:
NYT: http://www.nytimes.com/2010/02/19/technology/19cyber.html?th=&emc=th&pagewanted=print
“Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”
"...the new botnet made sophisticated use of a well-known Trojan Horse — a backdoor entryway to attack — that the computer security community had previously identified as ZeuS."
“Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information,” said Alex Cox, the principal analyst at NetWitness responsible for uncovering the Kneber botnet.
"But that viewpoint is naïve. When we began to detect the correlation among both the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on advanced threats such as ZeuS.”
WP: http://www.washingtonpost.com/wp-dyn/content/article/2010/02/17/AR2010021705816_pf.html
"The attack also highlights the inability of the private sector -- including industries that would be expected to employ the most sophisticated cyber defenses -- to protect itself."
"The traditional security approaches of intrusion-detection systems and anti-virus software are by definition inadequate for these types of sophisticated threats," Yoran said. "The things that we -- industry -- have been doing for the past 20 years are ineffective with attacks like this. That's the story."
[And, BTW, here's the latest installment on our Chinese "Patriotic Hackers."
http://www.nytimes.com/2010/02/19/technology/19china.html?ref=technology ]
All this makes me quite uneasy -- while those NIS-blocked, "inbound TCP" attacks still keep coming in -- up to 50 or more, per day.
Comments welcome.
Robby