Thursday, February 18, 2010

On 18-Feb-2010 :: NetWitness reported 'Kneber Botnet' {CRITICAL}

On 18-Feb-2010, NetWitness reported a new malware, the 'Kneber botnet'.

It is a variant of Zeus and mainly targets credential theft, key-logging, etc.

... it has affected more than 2500 organizations;

... currently no IPS/IDS has adequate signatures to detect it.

... it can also operate alongside other malware; the one most often noticed is Waledac (a P2P Trojan).

[] One way to check whether a machine is infected by Kneber (Zeus variant):

        The registry key can be found by following this path, he said:

        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit

        It will normally have an entry like "C:\WINDOWS\system32\userinit.exe,"
        ZeuS will add itself to the list, typically as 'ntos.'
        But it could always change its name, so if any unexpected entries are found here, the machine may be infected.

        If any additional entries are found, or there is any suspicion, scan the files listed here.
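
The check described above, written as a read-only PowerShell audit. This is an added example, not code from the original post or from NetWitness. `Userinit` is a value under the `Winlogon` key; the function names, the sample string and the rule that bare file names are looked up under system32 are assumptions made for the illustration.

```powershell
# Added example: audit the Winlogon Userinit value for entries other than userinit.exe.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$Expected    = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-UserinitEntry {
    param([string]$Value)
    # Userinit is a comma-separated list of programs; a trailing comma is normal.
    foreach ($item in ($Value -split ',')) {
        $clean = [Environment]::ExpandEnvironmentVariables($item.Trim().Trim('"'))
        if ($clean) { $clean }
    }
}

function Test-UserinitValue {
    param([string]$Value)
    foreach ($entry in (Get-UserinitEntry $Value)) {
        $report = [ordered]@{
            Entry     = $entry
            Expected  = ($entry -ieq $Expected)
            Exists    = $null
            SHA256    = $null
            Signature = $null
        }
        if (-not $report.Expected) {
            # Assumption: a bare file name is looked up under system32.
            $path = $entry
            if (-not [IO.Path]::IsPathRooted($entry)) { $path = Join-Path $env:SystemRoot "system32\$entry" }
            $report.Exists = Test-Path -LiteralPath $path -PathType Leaf
            if ($report.Exists) {
                # Hash and signature status identify the file to hand to a scanner.
                $report.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                $report.Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }
        }
        [pscustomobject]$report
    }
}

# Constructed sample value: the normal entry plus one extra, made-up entry.
$sample = 'C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\example-extra.exe,'
Test-UserinitValue $sample | Format-Table -AutoSize

# Live check on the local machine: list only the entries that are not userinit.exe.
$live = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
Test-UserinitValue $live | Where-Object { -not $_.Expected } | Format-List
```

An empty result from the live check means the value holds only the expected userinit.exe entry; any row that is returned names a file to scan.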

[] It is suggested to apply all the latest MS10-* and Adobe patches on all machines,
    and, as always, not to open suspicious e-mails.
[] NetWitness said that Kneber was primarily found on corporate and government computers; however, home users are likely to be infected as well.

[] more details @

*** ***