Popular with web users the world over, social media sites have become something of a staple for all our online lives, but it seems that a handful of enterprising cybercriminals have tapped into that. As reported by the Independent, over two million passwords for social media sites belonging to users all over the world have been stolen as part of a botnet.
Using malware in the form of keylogger software, the Pony botnet had managed to take passwords along with other forms of account authentication for sites including Facebook, Twitter, Google Plus and Yahoo. Research undertaken into the Botnet’s effectiveness found that many of the passwords and other data was published online, revealing some rather disturbing trends in the process.
Widespread Theft
The Pony botnet’s effect was spread far and wide. Although over 96% of passwords and other credentials stolen came from IP addresses in the Netherlands, some of the affected sites included Russian language social network vk.com, which has millions of users. Such attacks do happen from time to time, but it’s rare that a number as high as two million unwittingly join a botnet.
Pony was created in order to steal passwords and other credentials by adding different machines worldwide to it. Using malware, it manages to ensnare a machine into the botnet, allowing the operators to take passwords and the like and change them in order to prevent access by the account holder in future. Then, the passwords are sold to other criminals who use them for their own gain.
Being too simple?
Looking into the passwords stolen, it seems that many of them share one common characteristic – they’re far too simple. Among the list, common ones included ‘password’, ‘1234’ and, amazingly, ‘1’. The number of simple passwords stolen by Pony far outweighed the more complicated ones, but there were a few which may have seemed harder to crack.
“This just goes to show about the importance of endpoint security combined with a strong password. Even the strongest password is worthless if the endpoint it is being used on is either untrusted or trusted but insecure allowing a bonnet such as Pony to be run on it and the subsequent password key logger”, commented Andrew Mason, security expert for RandomStorm.
“Once the key logger is installed it is very easy to harvest usernames and passwords for whatever the user types in during the course of their normal day. By ensuring proper endpoint security and at a minimum patching and up to date AV deployment these types of attacks can be totally eliminated.
“The second area of concern from the article is the use of weak passwords. Again, without a strong password it makes the job of a hacker so much easier being able to use an automated tool to crack many passwords per second”, he added.
Using endpoint security may be the best way for people to prevent being drawn into botnets. For the time being, social media users are being advised to amend their passwords and security settings.