Researchers at network forensics firm NetWitness Corp. have discovered evidence that the Zeus Trojan continues to evade antivirus and steal thousands of passwords on consumer and corporate network PCs.
Investigators said they discovered a 75GB cache, believed to be a hacker drop site tied to the Zeus infections. The cache contained the stolen data from more than 74,000 Zeus-infected systems. The hacker files, a one-month dump of data from mid-December to mid-January, were discovered Jan. 26 during a routine evaluation of a corporate network. Alex Cox, a principal analyst at NetWitness and the researcher who discovered the cache, said he traced a malware download from the corporate network back to a server in Germany, which was left unprotected by the cybercriminals.
NetWitness named the infected PCs tied to the latest wave of Zeus attacks the Kneber botnet. Zeus collected extensive data from individuals at commercial and government systems, including 68,000 corporate login credentials, 2,000 SSL certificate files, and usernames and passwords for online banking sites and social networks. The most common stolen account credentials were usernames and passwords to Yahoo email and Facebook accounts.


