Full text

Note: Data security expert Alex Cox tells how banks can protect themselves against the Kneber botnet he discovered that the Wall Street Journal announced today, that has infected 75,000 computers at 2,500 organizations around the world, and that is still active.

You may have seen the story in today's Wall Street Journal or the news we ran this morning on the www.banktech.com website about the massive, coordinated botnet attack NetWitness uncovered that's compromised computers at 2,500 organizations, some of which are financial institutions. We were fortunate to get an exclusive interview this morning with Alex Cox, who discovered the attack and is principal analyst at NetWitness. We asked Cox what can banks do to prevent such attacks and block criminals who have stolen credentials via this type of botnet from using them to do online banking, credit card payments and other bank transactions.

BS&T: It seems our readers have two major worries here: (a) have any of their servers been affected by the Kneber botnet and (b) are criminals using these stolen credentials to access online banking applications, credit card systems, etc. Can you give us a sense of how many financial institutions have been affected by the Kneber botnet so far?

Cox: I don't have any specific numbers of financial institutions, there are a few. Zeus, this particular family of botnet, is a huge issue for online banking fraud. In a previous job at a bank, we responded to many Zeus infections on customers' machines, and without a doubt these machines and others like them are being used at every bank for online fraud. In the white paper we wrote, there's a huge list of banks that have been targeted by this type of malware. All the big banks are represented.

BS&T: So this is not a brand-new type of incident. Is it larger than incidents you've seen in the past?

Cox: In the grand scheme of things, compared to botnets...