Thursday, February 18, 2010

Security experts have found a network of 74,000 virus-infected computers

Security experts have found a network of 74,000 virus-infected computers that stole information from inside corporations and government agencies. The unusual thing about the incident is not that it happened but that it was discovered, and it is a reminder of the dangers of having computers with sensitive data connected to the open internet.
More than 2,400 organizations, including financial institutions, energy companies and federal agencies, were infiltrated by the "botnet," according to NetWitness Corp., the security firm that discovered it.

NetWitness didn't name the companies or agencies whose computers were compromised. The Wall Street Journal said the affected companies included Merck & Co., Cardinal Health Inc. Merck said in a statement Thursday that one computer in the company was among those in the botnet but no sensitive information was taken. The other three companies didn't return calls seeking comment Thursday.

The victims don't appear to have been targets, unlike the recent computer attacks on Google Inc. that prompted the internet search leader to threaten to pull its business out of China. That's an important distinction because it shows how online secrets can fall into the wrong hands even when criminals aren't necessarily looking for them.

"This kind of stuff is out there and it's pervasive," said Amit Yoran, CEO of NetWitness and former cybersecurity chief at the Department of Homeland Security. Parts of the botnet discovered by his firm are probably still active. He said the network appears to be run from computers in Eastern Europe and China, but it's not certain the perpetrators are there.

Botnets are networks of poisoned PCs that are remotely controlled by hackers and behave like their criminal robots. The PCs are often infected when their owners visit bad Web sites or open malicious e-mail attachments.

Botnets are a major tool for cybercrime. They help criminals amass troves of stolen data that they can sell on the black market or use to yank money from victims' bank accounts.

The biggest on record is the one created by the Conficker worm. That infected anywhere from 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system and is still active.

The botnet NetWitness discovered uses malicious software called "Zeus" that steals passwords and other online credentials. It's primarily focused on poaching Internet banking data and is well known by security experts.

The fact that so many companies and government agencies were hit appears to have been incidental. Yoran said the attacks were seeking specific information rather than hitting specific organizations.

Still, they were very successful, snatching more than 68,000 credentials over four weeks. Most of those credentials were log-in details for Facebook and Yahoo and other personal e-mail services. On the face of it, those aren't the most sensitive pieces of information, but they can hold the keys to unlocking other types of online accounts and private data.
