Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Digg this story   Add to  
Just what is this botnet called Kneber?
F-Secure, 2010-02-19
There's a botnet dubbed Kneber receiving lots of media attention this week.

So, just what is Kneber? Many reports have called it *THE* ZeuS botnet.

But really… it's just *A* ZeuS based botnet, dubbed Kneber because of the name used to register many of its domains.

And so what is ZeuS? Well, ZeuS is a kind of do it yourself toolkit for building botnets. We call it Zbot. Our first samples of Zbot/ZeuS date back to October 2007.

Here are some Zbot posts from our blog:

  •  February 2008: Mikkeli Spam Links to ZBot Malware
  •  April 2008: Ms. Polinka Wants Your Bank Account
  •  November 2009: Poker in the ZBot

Here's a screenshot of a ZeuS packages for sale:

ZeuS for sale

And here's a link to a video of a ZeuS botnet in action.

ZeuS is definitely a threat, but isn't a new threat.

Brian Krebs sums it up very nicely:

"Sadly, this botnet documented by NetWitness is neither unusual nor new. For the past several years at any given time, the number of distinct ZeuS botnets has hovered in the hundreds. At the moment, there nearly 700 command-and-control centers online for ZeuS botnets all over the world, according to ZeuStracker, a Web site that keeps tabs on the global threat from ZeuS."

On 19/02/10 At 03:14 PM

The information, views, and opinions contained on this page are those of the author and do not necessarily reflect the views and opinions of SecurityFocus.


Privacy Statement
Copyright 2009, SecurityFocus