NEW YORK and HERNDON, Va. (2/19/10)--During the past 18 months nearly 75,000 computers at about 2,500 companies and government agencies have been hacked in what computer security experts say is a coordinated global attack (The Wall Street Journal Feb. 18). And the attacks are still operating. More than 374 are U.S.-based organizations, said NetWitness Corp., a Herndon, Va.-based company that uncovered the Kneber botnet attack last month (ComputerWorld Feb 18). Kneber, which began in Germany, is a variation of the Zeus botnet. It is working in tangent with another bot, the Waledac, making taking down the malicious software more difficult. Companies compromised in the U.S. include Fortune 500 companies; local, state and federal government agencies; Internet service providers, and educational institutions. The Wall Street Journal named pharmaceutical company Merck & Co., Cardinal Health Inc., Paramount Pictures, and software company Juniper Networks Inc. as among the companies with compromised computers. It is not known if credit unions are directly involved, but data stolen include banking information such as login credentials mainly for financial accounts, credit-card transactions and intellectual property. However, NetWitness Corp. told Computerworld the bot also appears to be harvesting other kinds of information that suggest Zeus is being put to broader uses than just stealing bank credentials. The Wall Street Journal reported that in more than 100 instances, hackers gained access to corporate servers storing large quantities of business data such as company files, databases and e-mails. Computers of at least 10 government agencies were accessed. For some companies, enterprise systems were compromised as a result of "drive-by downloads," while others were targets of "spear phishing" campaigns designed to get individuals to open up e-mails with malicious links and attachments. More than half the machines infected are also infected with a peer-to-peer bot called Waledac, with the Kneber bot actively logging Waledac activitiy and downloading it to machines it has infected. This makes it harder to take down both bots. When one is removed, it triggers another to insert it back into the compromised system. NetWitness said that rival cyber gangs are teaming up in the cyberattacks. The news comes just after Google Inc. disclosed it and more than 20 other companies had been breached by hackers from China. The hacking affected 196 countries, with the highest concentration of infected computers in Egypt, Mexico, Saudi Arabia, Turkey and the U.S.