Computer security company NetWitness states that last month they discovered evidence that more than 75 GB of data had been stolen via a botnet controlling more than 74 000 computers in 196 countries.
A month after it was revealed that a cyber attack hit Google and other companies, NetWitness has picked up on this current "tendency", indicating that an infection campaign which began 18 months ago penetrated the computer networks of 2 500 organisations (companies and governmental agencies), leading to the construction of a botnet comprising 74 000 compromised computers.
The operation involved 196 countries, with the hosts mainly situated in Egypt (19%), Mexico (15%), Saudi Arabia (13%), Turkey (12%) and the United States (11%). Control of these computers was taken via a Trojan horse named ZeuS, which targeted the Windows XP operating system in particular and, to a lesser degree, Windows Vista.
Over a period of four weeks, NetWitness analysed data relating to the theft of 68 000 connection identifiers. To date, the botnet has allowed for the theft of 75 GB of data linked to emails, online banking sites, email sites like Yahoo! and Hotmail, and social networking sites like Facebook. This information would then be sold on to people on the black market.
The botnet seems to be rather sophisticated, with connections established to other detected botnets, a rare event as botnets generally compete against each other. NetWitness believes it is probable that the attack was orchestrated by a group based in Eastern Europe that is already suspected of having attempted to steal US governmental passwords.