On-Premise Endpoint

Sophos Endpoint Software Kneber bot

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 1 subscriber
Views 1271 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Kneber bot

Zlog over 14 years ago

What do you know about the so called "Kneber Bot" reported in the Washington Post? Does Sophos protect against it?

This thread was automatically locked due to age.

0 inbred over 14 years ago

Zlog,
Personally, I do not believe I am the best to respond, but here is what I have determined so far. Kneber is using an older version (1.2) of Zbot (aka ZeuS) to infect. I have found a great, quick read at :
http://www.computerworld.com/s/article/9159138/Kneber_just_another_botnet_
A quick discussion by Sophos re: Zbot is at:
http://www.sophos.com/blogs/sophoslabs/v/post/2090
But if you want to get a little scared, read this:
http://www.darkreading.com/security/antivirus/showArticle.jhtml?articleID=220000718
The next action item on my list is to map the Sophos names of the Zbot variants (A through ... I don't know) to the version number referenced in the first article. But, those links should mostly answer your question, even though I think some announcement from Sophos would provide a nice "warm fuzzy".
Enjoy!!
:1398
Cancel
Vote Up 0 Vote Down

Cancel
0 Johnstringer over 14 years ago

Check out:

http://www.sophos.com/blogs/gc/g/2010/02/19/zeus-kneber-botnet-unmasked/

Regards,

John
:1404
Cancel
Vote Up 0 Vote Down

Cancel
0 Zlog over 14 years ago

Thanks for your response.
:1408
Cancel
Vote Up 0 Vote Down

Cancel
0 Zlog over 14 years ago

Thanks John.
:1409
Cancel
Vote Up 0 Vote Down

Cancel