Compromised Google, Facebook, Twitter Password is the Least of your Problems

American news media and blog sites have been flooded with warnings from cyber do-gooders for everyone to change their Google, Facebook, Yahoo and Twitter passwords after more than 2 million accounts were compromised.

But if your system was one that was compromised, changing your password is the least of your worries.

Trustwave SpiderLabs announced on Tuesday that a Russian Pony Botnet server has been identified that had stolen credentials for about 2 million accounts. But this isn’t that big of a deal to Americans, as the vast majority of these were from systems in the Netherlands:

Only a tenth of a percent of systems affected were in America, for a grand total of 1,943 accounts!

And boys and girls, this is a Russian botnet server, which means that if your account is one that has been compromised by the botnet, guess what?

Your machine is most likely still infected with a keylogging, account stealing Trojan!

You may want to scan it for viruses and get that botnet client off your system!

This is not the only Pony Botnet server out there either. In June, SpiderLabs found a smaller one that had 650,000 credentials on it.

And while we are talking passwords, unbelievably, it looks like people are still using simple passwords on their social media accounts.

Here is a list of the top 10 passwords used, according to SpiderLabs’ analysis:

The number one password used was “123456”…

Crazy…

Russian Authorities take down World’s Largest Banking Botnet

Russia’s Ministry of the Interior (MVD) announced on Friday that its special computer crimes division, “Department K”, took down what could be one of the largest botnets in the world. The botnet encompassed approximately 6 million devices, 4.5 million of them computers.

After a 10-month investigation, Russian authorities arrested a 22-year-old Russian who seemed to be the creator of the botnet:

The operative and investigative activities conducted revealed that the criminal activities were committed by a 22-year-old young man who is widely known in the hacker community under the nicknames of “Germes” and “Arashi”.

The young man was not only developing bot-networks and massively distributing malicious programs but also personally took part in stealing funds from accounts of individuals and legal entities.

The suspect worked with a group of partners, and together they stole over 150 million rubles ($4.5 million) using banking-based botnets:

The criminal’s target was computers with the software “Bank-Client” installed on them. To infest them and further steal funds, he used programs such as Carberp of various modifications. Having obtained logins, passwords and digital signatures in this way, he transferred money allegedly on behalf of citizens and organizations to accounts of shell companies. Further on, the funds were transferred to plastic card accounts and cashed in automated teller machines.

According to the report, almost all of the infected devices were located within the Russian Federation.

Mac Virus “Backdoor.Flashback” Patch and Removal

Last week, Russian anti-virus company Doctor Web found that the Flashback Mac Trojan had infected almost 600,000 systems, with many of those located in the US (see above chart from Dr. Web). The large infection rate has raised some eyebrows, especially since many believe that Macs cannot get viruses.

The trojan uses a Java exploit to gain remote access and, possibly, keylogging capabilities. The malware programmers are targeting three separate Java vulnerabilities in the attack.

Apple has since patched the vulnerability and, according to an Apple security bulletin, the OS X Lion 2012-002 and Java for Mac OS X 10.6 Update 7 can be downloaded and installed via Software Update preferences, or from Apple Downloads.

Doctor Web has created an online tool to check to see if your machine is infected, and security software company F-Secure has released instructions on how to remove the virus if you are indeed infected.

Zeus Botnet Source Code Leaked to Internet

The source code for one of the worst botnets has been leaked to the internet, according to eWeek. Zeus, or ZBot as it is also called, is a trojan virus that steals banking credentials.

Formerly, the botnet was for sale on the underground for about $5,000. But according to the article, the source code is now freely available:

The complete source code for the Zeus malware kit is being freely distributed as a ZIP file on several underground forums, Peter Kruse, a security researcher with Danish security firm CSIS, wrote on the company blog on May 9. Kruse downloaded the ZIP file, compiled the code and confirmed it worked “like a charm.”

Not only can the source code be compiled and run by just about anybody, specific parts of the virus could be copied out and used in a completely different malware program.

For more information, see eWeek.