Friday, February 19, 2010

Kneber AKA Zeus: How to Deal With It (Hint: Don't be Stupid)

"Protect Your Business from Kneber-Style Botnets"
Tony Bradley, PC World (February 18, 2010)

"A report from security research firm NetWitness about a malicious botnet dubbed Kneber has been the focus of a fair amount of media attention, but mostly sensationalism that misses the real point.

"Yes, the Kneber botnet consists of nearly 75,000 computers. Yes, systems at roughly 2,500 different companies around the world have been infiltrated. Yes, government agencies have had data compromised. Sadly, that is just 'a day in the life'. There is nothing spectacular about those figures...."

"...[Symantec Security Response's senior director Elias] Levy also took issue with the media categorization of Kneber as a new threat in his e-mail. 'Kneber, in reality, is not a new threat at all, but is simply a pseudonym for the infamous and well-known Zeus Trojan. The name Kneber simply refers to a particular group, or herd, of zombie computers, a.k.a. bots, being controlled by one owner. The actual Trojan itself is the same Trojan.Zbot, which also goes by the name Zeus, which has been being observed, analyzed and protected against for some time now.'..."

"...Symantec's Levy explains 'Though it is true that this Kneber string of the overall Zeus botnet is fairly large, it does not involve any new malicious threats. Thus, computer users with up-to-date security software should already be protected from this threat.'

"[McAfee security specialist Joris] Evers echoed that basic sentiment, pointing out 'Additionally, users should keep the standard rules of PC security in mind--keep your software and operating system up to date, run a complete and up-to-date suite of security software, including a firewall and antimalware detection and don't click on suspicious links in e-mail, instant messages or those that arrive via social media.'..."

Let me recap what people who know what they're talking about said about not getting infected:
  • Keep your operating system updated
  • Keep your software updated
  • "Run a complete and up-to-date suite of security software, including"
    • A firewall
    • Antimalware detection
  • Don't click on suspicious links in
    • Email
    • Instant messages
    • Those arriving via social media
I think I can summarize that good advice on a single point:
In a corporate setting, that's not always possible, of course. The department head may be collecting a bonus for saving money by not renewing the antimalware software's license.

I think the article's author was spot-on with these two paragraphs:

"...The news part of this story isn't really the expanse of the Kneber botnet, or even the sensitive information it appears to have compromised. Sadly, the real story is how or why 2,500 organizations around the world, including government agencies, have such weak security that they allowed 75,000 PC's to be compromised by a relatively archaic threat for which detection and protection have existed for over a year...."

"...Kneber is nothing. It is barely worth mentioning. What is worth mentioning again, and again, and again, is the importance of applying patches and updates in a timely manner, employing anti-malware security software and keeping it up to date to detect current threats, and continuing to educate users to not click on links or open attachments in messages...."
