Malware-Enabled ‘Pony’ Botnet Nabs 2 Million User Passwords
At least 2 million passwords for popular sites such as Google, Facebook, and Yahoo have been stolen using a botnet called “Pony,” according to a report from Trustwave’s SpiderLabs blog. The alarming data was discovered this week on a Netherlands-based server.
In addition to login information for online services, data that is often found in hacked databases, the researchers were surprised to discover account information from ADP, a leading payroll services company. Nearly 8,000 ADP passwords were reportedly exposed, an issue that could lead to “direct financial repercussions.”
Unlike recent hacks at Adobe and vBulletin, the information captured in the breach at hand wasn’t taken directly from the companies’ servers. Rather, the computers of individual users were infected with malware that logged user passwords and sent them to the hackers’ servers. This led to the exposure of passwords not just for online services, but also for a multitude of personal and corporate FTP servers, remote desktop connections, and secure shell accounts.
The good news is that these types of individual attacks are not nearly as widespread as major attacks on service providers themselves. The bad news, however, is that it is difficult to identify and inform affected users. Malware of this nature often goes undetected and shows no symptoms under normal conditions. Therefore, even if users go out and change their passwords, the malware will simply record the new password and pass it along to its control server.
The best defense against these types of security vulnerabilities is to enable two-factor authentication, which is now offered by many major online services. The process requires two steps of authentication (usually a password coupled with an email or phone number) in order to log in from a new computer or device. As long as hackers don’t have physical access to your cellphone, and haven’t also hacked your email, they won’t be able to log in using just a password.
Users are also urged to scan for malware regularly, although they should be wary when choosing anti-malware software, as many options advertised online are actually hidden malware themselves.