Kneber Botnet Steals Login Data from 75,000+ Computers

The Kneber botnet, a malicious program that steals login information, has compromised 2,500 organizations and an estimated 75,000 computers worldwide. Affected systems include Facebook, Yahoo, some banks, and companies such as Merck.

PCWorld has a good Q&A about the Kneber botnet:

Where is Kneber?

Netwitness says Kneber-controlled machines are in 196 countries. The five countries with the most significant instances of infected machines are Egypt, Mexico, Saudi Arabia, Turkey and the United States.

Who is getting hit?

Kneber only targets Windows machines, and computers running Windows XP Professional SP2 make up the majority of the botnet. Netwitness did not report on infections among Windows 7 machines. Kneber is primarily found on machines in corporate and government infrastructures, but home users can be affected as well.

Netwitness hasn’t named which companies have been compromised, but The Wall Street Journal is reporting that affected companies include Merck & Co., Cardinal Health, Paramount Pictures and software company Juniper Networks Inc.

What is being stolen?

Kneber is targeting login credentials for online social networks, e-mail accounts and online financial services. The top sites with stolen login credentials, according to Netwitness’ report, are Facebook, Yahoo, hi5, metroflog, sonico and netlog. While the focus has been on e-mail and social networks, Kneber is now targeting banking sites as well.

To protect yourself, don’t download suspicious attachments, and be careful what websites you visit. Also, update your browser’s security settings so that it can alert you about potentially malicious websites.