Security blogger Brian Krebs on Friday wrote a column on the spreading infections from the Kneber botnet, which apparently caught a lot of people's eyes. The question has come up: "Does VIPRE protect me against Kneber?"
Kneber is simply a name that Netwitness gave to a variant of Zbot (also called Zeus). It is not new. Our detections for some of the earliest variants date back to late 2006.
VIPRE detections for Zbot/Zeus/Kneber have been in place for some time. They actually are very good detections -- among the top in the AV industry.
Krebs column here.
Update 02/22:
The DaniWeb site is carrying a story on this that suggests where the name "Kneber" came from:
"The reason some folks have nicknamed it Kneber is that the malware domains involved in this particular branch of the Zeus botnet have “Hilary Kneber” listed as the domain registrant. Of course, Hilary Kneber is likely a completely made-up name," comments Mary Landesman, senior security researcher at ScanSafe.
DaniWeb story here.
Update 02/22 12 p.m. EST
Here are some more good details about the Kneber/Zbot/Zeus history from Dancho Danchev on ZDNet:
01. Why the name Kneber botnet?
The name Kneber comes from the email used to register the initial domain, used in the campaign - HilaryKneber@yahoo.com. What's particularly interesting about this email, is the fact that it was also profiled in December, 2009's "Celebrity-Themed Scareware Campaign Abusing DocStoc" analysis, linking it to money-mule recruitment campaigns back then.
02. My time is precious. In short, what is the Kneber botnet at the bottom line?
It's a mini Zeus crimeware botnet, one of the most prevalent malicious software that is successfully undermining two-factor authentication on the infected hosts (Report: 48% of 22 million scanned computers infected with malware), and is slipping through signatures-based antivirus detection (Modern banker malware undermines two-factor authentication) due to the systematically updated binaries.
Story here.
-- Tom Kelchner