Posted on: 05 Dec 2013 

Social Media Users Compromised by Pony Malware


More than two million accounts from popular social media sites such as Facebook, Twitter, LinkedIn, and Google have been compromised in an attack by a derivative of the Pony malware.

According to new research from Trustwave, the attack has seen hackers steal website login credentials from various web services over the past month, as well as a variety of email, FTP, remote desktop, and SSH account details.

Writing on its SpiderLabs blog, Trustwave said that the attack was mostly aimed at Russian-speaking websites and services, and that much of the command-and-control traffic carrying compromised account credentials was revealed to be from the Netherlands. However, the company also confirmed that hackers targeted users worldwide, with countries such as the United States, Germany, Thailand, Singapore and others affected.

“In comparison to the last instance of Pony that we talked about, with statistics that looked like a hit-and-run operation, this one spiked at the beginning but was otherwise fairly stable and consistent in its daily ‘revenue’,” said the post on the SpiderLabs blog.

“As one might expect, most of the compromised web logins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter, LinkedIn, etc.”

Of the compromised accounts, Facebook accounted for 57% of all stolen credentials, followed by Yahoo (10%), Google (9%), and Twitter (3%).

Trustwave were keen to add that, although passwords linked to popular social media sites were compromised, this was not the result of any weakness in the networks of those companies.

“Individual users had the malware installed on their machines and had their passwords stolen,” Trustwave spokesperson Abby Ross told tech website Mashable.

“Pony steals passwords that are stored on the infected users' computers as well as by capturing them when they are used to log in to web services.”

It is important to note that no passwords were ever published online.

Weak passwords

In its analysis of the credentials, Trustwave found ‘weak’ passwords, one of the most common being ‘123456’. ‘11111’ and ‘1234’ were also popular, as was the word ‘password’. In terms of usernames, a large proportion of users were found to be using ‘admin’.

“In our analysis, passwords that use all four character types and are longer than 8 characters are considered 'excellent', whereas passwords with four or less characters of only one type are considered 'terrible',” Trustwave wrote. “Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the medium category.”

Malware prevention

This attack, while mostly aimed at Russian-language websites, serves as a timely reminder for users in the UK to take more care when creating passwords and to use combinations of lower- and upper-case letters and alphanumeric characters on their accounts.

It is also a clear indication that Pony malware is still a real threat. Fortunately, as Pony is a known infection, users can avoid becoming a target by installing cloud web security and using advanced antivirus protection.

If it is not targeting the UK already, this particular derivative of Pony malware soon will be. Make sure you are protected by strengthening passwords and purchasing Cloud Web Security today. 

The Register