Zeus Trojan found on 74,000 PCs in global botnet

More than 74,000 PCs at nearly 2,500 organizations around the globe were compromised over the past year and a half in a botnet infestation designed to steal login credentials to bank sites, social networks, and e-mail systems, a security firm said Wednesday.

The systems were infected with the Zeus Trojan and the botnet was dubbed “Kneber” after a username that linked the infected PCs on corporate and government systems, according to NetWitness.

The Wall Street Journal reported that Merck, Cardinal Health, Paramount Pictures, and Juniper Networks were among the targets in the attack. NetWitness speculated that criminals in Eastern Europe using a command-and-control server in Germany sent attachments containing the malware in e-mails or links to the malware on Web sites that employees within the companies clicked on.

NetWitness said it discovered more than 75 gigabytes worth of stolen data during routine analytic tasks as part of an evaluation of a client network on January 26. The cache of stolen data included 68,000 corporate login credentials, access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail, 2,000 SSL (Secure Sockets Layer) certificate files and data on individuals, NetWitness said in a statement and in a whitepaper available for download from its Web site.

In addition to stealing specific data, Zeus can be used to search for and steal any file on the computer, download and execute programs and allow someone to remotely control the computer.

More than half of the compromised machines were also infected with peer-to-peer bot malware called Waledac, the company said. Nearly 200 countries were affected, with most of the infections found in Egypt, Mexico, Saudi Arabia, Turkey and the United States.

The news comes after Google announced an attack targeting it and what is believed to be more than 30 other companies and which was linked back to China. McAfee dubbed that attack “Operation Aurora.”

“While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet,” said Amit Yoran, chief executive of NetWitness and former Director of the National Cyber Security Division. “These large-scale compromises of enterprise networks have reached epidemic levels.”

February 17, 2010 6:59 PM PST
by Elinor Mills

Click Here To Chat With A Representative Now

Call us today 1-800-905-GEEK (4335) or visit us online www.geeksoncall.com

Broad New Hacking Attack Detected

Global Offensive Snagged Corporate, Personal Data at nearly 2,500 Companies; Operation Is Still Running

Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.

The damage from the latest cyberattack is still being assessed, and affected companies are still being notified. But data compiled by NetWitness, the closely held firm that discovered the breaches, showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.

The hacking operation, the latest of several major hacks that have raised alarms for companies and government officials, is still running and it isn’t clear to what extent it has been contained, NetWitness said. Also unclear is the full amount of data stolen and how it was used. Two companies that were infiltrated, pharmaceutical giant Merck & Co. and Cardinal Health Inc., said they had isolated and contained the problem.

Starting in late 2008, hackers operating a command center in Germany got into corporate networks by enticing employees to click on contaminated Web sites, email attachments or ads purporting to clean up viruses, NetWitness found.

In more than 100 cases, the hackers gained access to corporate servers that store large quantities of business data, such as company files, databases and email.

They also broke into computers at 10 U.S. government agencies. In one case, they obtained the user name and password of a soldier’s military email account, NetWitness found. A Pentagon spokesman said the military didn’t comment on specific threats or intrusions.

At one company, the hackers gained access to a corporate server used for processing online credit-card payments. At others, stolen passwords provided access to computers used to store and swap proprietary corporate documents, presentations, contracts and even upcoming versions of software products, NetWitness said.

Data stolen from another U.S. company pointed to an employee’s apparent involvement in criminal activities; authorities have been called in to investigate, NetWitness said. Criminal groups have used such information to extort sensitive information from employees in the past.

The spyware used in this attack allows hackers to control computers remotely, said Amit Yoran, chief executive of NetWitness. NetWitness engineer Alex Cox said he uncovered the scheme Jan. 26 while installing technology for a large corporation to hunt for cyberattacks.

That discovery points to the growing number of attacks in recent years that have drafted computers into cyber armies known as botnets—intrusions not blocked by standard antivirus software. Researchers estimate millions of computers are conscripted into these armies.

“It highlights the weaknesses in cyber security right now,” said Adam Meyers, a senior engineer at government contractor SRA International Inc. who reviewed the NetWitness data. “If you’re a Fortune 500 company or a government agency or a home DSL user, you could be successfully victimized.”

Disclosure of the attack comes on the heels of Google Inc.’s allegation that it and more than 20 other companies were breached by Chinese hackers. This operation appears to be more far-reaching, infiltrating some 75,000 computers and touching 196 countries. The highest concentrations of infected computers are in Egypt, Mexico, Saudi Arabia, Turkey and the U.S.

NetWitness, based in Herndon, Va., said it was sharing information with the companies infected. Mr. Yoran declined to name them. The company provides computer security for U.S. government agencies and companies. Mr. Yoran is a former Air Force officer who also served as cyber security chief at the Department of Homeland Security.

Besides Merck and Cardinal Health, people familiar with the attack named several other companies infiltrated, including Paramount Pictures and software company Juniper Networks Inc.

Merck said in a statement that one computer had been infected. It said it had isolated the attack and that “no sensitive information was compromised.”

Cardinal said it removed the infected computer from its network. Paramount declined to comment. Juniper’s security chief, Barry Greene, wouldn’t speak about any specific incidents but said the company worked aggressively to counter infections.

Journal CommunityDISCUSS
“The key is not to pour money into protecting information, but to develop a global approach to neutralizing its value. By creating secrets, we have created value, which is pursued by opportunists. ”
—John M. Brock
NetWitness, which does extensive work for the U.S. government and private-sector clients, said it was sharing its information with the Federal Bureau of Investigation. The FBI said it received numerous allegations about potential compromises of network systems and responded promptly, in coordination with law-enforcement partners.

The computers were infected with spyware called ZeuS, which is available free on the Internet in its basic form. It works with the FireFox browser, according to computer-security firm SecureWorks. This version included a $2,000 feature that works with FireFox, according to SecureWorks.

Evidence suggests an Eastern European criminal group is behind the operation, likely using some computers in China because it’s easier to operate there without being caught, said NetWitness’s Mr. Yoran.

There are some electronic fingerprints suggesting the same group was behind a recent effort to dupe government officials and others into downloading spyware via emails purporting to be from the National Security Agency and the U.S. military, NetWitness’s Mr. Yoran said.

That attack was described in a Feb. 5 report from the Department of Homeland Security, which said it was issuing an alert to the government and other organizations to “prevent further compromises.”

A DHS official said that ZeuS was among the top five reported tools for malware infections.

Click Here To Chat With A Representative Now

Call us today 1-800-905-GEEK (4335) or visit us online www.geeksoncall.com

A new virus may be set to target computers on April Fool’s Day.

Wired PR News – A new malware threat may prove to be the most destructive one seen in a while. As reported on Yahoo! Tech Buzz, the Conficker C worm is expected to be set to attack on April 1, and has led to the rush of security experts seeking ways to lesson it’s potential impact. As noted in the report, the Conficker was first given widespread attention in January of this year after initially surfacing in the latter part of 2008. It is said to have affected more than nine million computers. The Conficker C is the third version of the malware to be released. Microsoft has reportedly offered a $250,000 reward to those who may have information leading to the worm’s source or writer. Individuals are cautioned to help protect their PCs by taking steps such as updating anti-malware software. 

Call us today to make sure that you have the virus protection you need!

MAKE SURE YOUR COMPUTER IS NOT AT RISK!

Geeks On Call Commercials

From past to present, we now have most of our commercials online. Check them out below. 

Home & Business
905 Reasons
No More Spam
Hackers?

Old Commercials:
Scream Commercial
First Aid
Game Show
Ad Meeting

Tool #5 - Speed Test

Speedtest.net is a broadband connection analysis tool with a huge selection of geographically dispersed testing servers. Ookla provides this service free to hundreds of thousands of people every day. If you are experiencing slowness with your Internet connection or are simply interested in testing your speed, Speedtest.net is for you.

Basically SpeedTest.net allows you to test your Internet connection speed. It’s great to use when you want to see if your ISP is holding up on their end of the bargain.

Visit Speed Test

Call Geeks On Call today for all of your computer and network needs.
Mention “Blogger2” and receive $20 OFF NEW SERVICE

Tool #4 - Zamzar

Have you ever wanted to convert files without the need to download software ? Zamzar is dedicated to helping you transform your songs, videos, images and documents into different formats.

Visit Zamzar 

Call Geeks On Call today for all of your computer and network needs.
Mention “Blogger2” and receive $20 OFF NEW SERVICE

Tool #3 - Pandora

With Pandora you can explore this vast trove of music to your heart's content. Just drop the name of one of your favorite songs or artists into Pandora and let the Genome Project go. It will quickly scan its entire world of analyzed music, almost a century of popular recordings - new and old, well known and completely obscure - to find songs with interesting musical similarities to your choice. Then sit back and enjoy as it creates a listening experience full of current and soon-to-be favorite songs for you.

You can create as many "stations" as you want. And you can even refine them. If it's not quite right you can tell it so and it will get better for you. 

Visit Pandora

Tool #2 - Twitter

Twitter is a service for friends, family, and co–workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?

Why? Because even basic updates are meaningful to family members, friends, or colleagues—especially when they’re timely.

• Eating soup? Research shows that moms want to know.
• Running late to a meeting? Your co–workers might find that useful.
• Partying? Your friends may want to join you.

With Twitter, you can stay hyper–connected to your friends and always know what they’re doing. Or, you can stop following them any time. You can even set quiet times on Twitter so you’re not interrupted.

Twitter puts you in control and becomes a modern antidote to information overload.

Click Here To Get Started

Tool #1 - You Send It

For years business professionals have been asking for a solution that would eliminate the frustrations of email attachment limits, the hassles of FTP servers, and the need to use overnight couriers to send large files.

YouSendIt has responded with an answer that fits seamlessly into the busy workflow of every organization. The secure, cost-effective and easy-to-use YouSendIt services are ideal for anyone with the need to send, receive and track digital content. 

Key Benefits:

• Plenty of size - Send files up to 100 MB with a 1 GB monthly download limit.
• Spread the word - Allow up to 100 downloads of every file.
• Address book - Keep track of your friends’ and family’s email addresses in one handy location.
• Files remain available for 7 days - Give your recipients a week to download the files you’ve sent.
• HIPAA Compliant - We are HIPAA compliant. 

Click here for more information

2/21/09 - New Virus Alert!

Date Published: 21 Jan 2009
Last Updated: 21 Jan 2009

Type : Trojan
Category : Win32

Also known as: Trojan-Downloader.Win32.Agent.avzz (Kaspersky), Troj/Agent-IJX (Sophos), DowritnBG (CA Anti-Spyware)
Description: Win32/Dowritn.BG is a trojan that downloads and executes binary files.
Method of Infection: Win32/Dowritn.BG usually arrives as an attachment to a spammed email. It may use the attachment name “bank_statement.scr”.

Immediate Protection Info:
CA Antivirus 2007
eTrust Antivirus v7/8*
eTrust EZ Antivirus 7.x
Vet 7

Call Us Today: 1-800-905-GEEK
Visit Us Online: www.geeksoncall.com/blogger

Mention “Blogger2″ for $20 Off New Service