Trustwave‘s SpiderLabs delved into source code from the Pony botnet and made some staggering discoveries. The botnet managed to steal credentials for; 1.58 million websites, 320,000 email accounts, 41,000 FTP accounts, 3,000 remote desktops and 3,000 secure shell accounts.
Further research into the domains from which those passwords were stolen, Facebook was the most popular; it accounted 57 percent or 318,121. Yahoo came in second with approximately 60,000, followed by Google Accounts (54,437), Twitter (21,708) and Google.com (16,095). And professionals were also made unsecure, as also on the list was LinkedIn with 8,490 passwords stolen.
The Pony Botnet used a reverse proxy to avoid being detected and it continued the scam as long as possible. Trustwave said, “Outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down…While this behaviour is interesting in-and-of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any.”
Trustwave also didn’t have more details about how passwords were obtained but the data however revealed, that many people need to create better and more complex passwords. Almost 16,000 accounts used “123456″ as their passwords, and 2,212 used the word “password” and 1,991 used the word “admin.” Trustwave says overall, only 5 percent of the 2 million passwords are what they consider to be excellent (passwords that use all four character types and are longer than 8 characters).
With organised criminal activities on the rise and the use and misuse of social media such as Facebook and Twitter becoming so prevalent in today’s world, it does make good sense to use excellent passwords to secure your data, doesn’t it?
According to researchers, scammers have scooped up more than 2 million passwords for sites like Facebook, Google, and Yahoo, but it appears that the data was stolen via malware-infected machines rather than a hack of those companies' systems.
Trustwave's SpiderLabs dug into source code from the Pony botnet, which was recently made public, and made some startling discoveries. The botnet managed to steal credentials for: 1.58 million websites; 320,000 email accounts; 41,000 FTP accounts; 3,000 remote desktops; and 3,000 secure shell accounts.
Looking at the domains from which those passwords were stolen, Facebook was most popular, accounting for 318,121, or 57 percent. Yahoo came in second with about 60,000, followed by Google Accounts (54,437), Twitter (21,708), and Google.com (16,095). Also on the list was LinkedIn (8,490 passwords) and payroll provider ADP (7,978), which Trustwave said was surprising. "Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions," the firm wrote in a blog post.
The presence of Russian social networks vk.com and odnoklassniki.ru on the list, meanwhile, "probably indicates that a decent portion of the victims comprised were Russian speakers," Trustwave said.
The Pony Botnet used a reverse proxy to avoid detection and continue the scam as long as possible. "Outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down," Trustwave said. "While this behavior is interesting in-and-of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any."
Trustwave also didn't have more details about how passwords were obtained; it's possible the malware logged keystrokes. The data did reveal, however, that many of you need to step up your password game. Almost 16,000 accounts used "123456" as their passwords, while 2,212 used "password" and 1,991 used "admin."
Overall, only 5 percent of the 2 million passwords are what Trustwave considers to be excellent - passwords that use all four character types and are longer than 8 characters. Another 17 percent are good, 44 percent are medium, 28 percent are bad, and 6 percent are terrible.
Source : TechBeat News, PCMag
0 comments:
Post a Comment