There has been some recent high-profile coverage of an online threat being referred to as “Kneber.” Some of the news coverage Symantec has observed has put forth that this is a new type of malware, which is simply not the case.
Kneber, in reality, is not a new threat at all, but is simply a pseudonym for the infamous and well-known Zeus Trojan. The name Kneber simply refers to a particular group, or herd, of zombie computers, a.k.a. bots, being controlled by one owner. The actual Trojan itself is the same Trojan.Zbot, also known as Zeus, which has been observed, analyzed and protected against for some time now.
Since Zeus/Zbot toolkits are widely available on the underground economy, it is not uncommon for attackers to create new strings, such as Kneber, of the overall Zeus botnet.
Though it is true that this Kneber string of the overall Zeus botnet is fairly large, it does not involve any new malicious threats. Thus, computer users with up-to-date security software should already be protected from this threat.
The following signatures are providing protection from Zeus:
- Trojan.Zbot
- Trojan.Zbot!gen
- Trojan.Zbot!gen1
- Trojan.Zbot!gen2
- Trojan.Zbot!gen3
- Trojan.Zbot!gen4
- Trojan.Zbot!gen5
- HTTP Trojan Zbot Domain (IPS)
- HTTP Zbot Malicious File Download (IPS)
In depth information on Zeus is available here:
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/zeus_king_of_bots.pdf
and here:
http://www.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits
Kevin