{"id":4172,"date":"2013-12-04T19:39:38","date_gmt":"2013-12-05T00:39:38","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=4172"},"modified":"2013-12-04T19:39:38","modified_gmt":"2013-12-05T00:39:38","slug":"botnet-snatches-2-million-logins-for-facebook-adp-and-other-sites","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/12\/04\/botnet-snatches-2-million-logins-for-facebook-adp-and-other-sites\/","title":{"rendered":"Botnet snatches 2 million logins for Facebook, ADP, and other sites"},"content":{"rendered":"<p>Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, part of a large botnet using controller software nicknamed \u201cPony.\u201d<\/p>\n<p>Another company whose users\u2019 login credentials showed up on the server was ADP, which specializes in payroll and human resources software, wrote Daniel Chechik, a security researcher with Trustwave\u2019s SpiderLabs.<\/p>\n<p>It\u2019s expected that cybercriminals will go after main online services, but \u201cpayroll services accounts could actually have direct financial repercussions,\u201d he wrote.<\/p>\n<p>ADP moved $1.4 trillion in fiscal 2013 within the U.S., paying one in six workers in the country, according to its website.<\/p>\n<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2068880\/logins-stolen-from-facebook-google-adp-payroll-processor.html\"><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/12\/id-2068880-trustwave-100155050-large.jpg\" \/><\/a><\/p>\n<p>Facebook had the most stolen credentials, at 318,121, followed by Yahoo at 59,549 and Google at 54,437. Other companies whose login credentials showed up on the command-and-control server included LinkedIn and two Russian social networking services, VKontakte and Odnoklassniki. The botnet also stole thousands of FTP, remote desktop and secure shell account details.<\/p>\n<p>It wasn\u2019t clear what kind of malware infected victims\u2019 computers and sent the information to the command-and-control server.<\/p>\n<p>Trustwave found the credentials after gaining access to an administrator control panel for the botnet. The source code for the control panel software, called \u201cPony,\u201d was leaked at some point, Chechik wrote.<\/p>\n<p>The server storing the credentials received the information from a single IP address in the Netherlands, which suggests the attackers are using a gateway or reverse proxy in between infected computers and the command-and-control server, he wrote.<\/p>\n<p>\u201dThis technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down\u2014outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down,\u201d Chechik wrote.<\/p>\n<p>Information on the server indicated the captured login credentials may have come from as many as 102 countries, \u201cindicating that the attack is fairly global,\u201d he wrote.<\/p>\n<p>via <a href=\"http:\/\/www.pcworld.com\/article\/2068880\/logins-stolen-from-facebook-google-adp-payroll-processor.html\" target=\"_blank\">Botnet snatches 2 million logins for Facebook, ADP, and other sites | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6,7],"tags":[142,347,424,451,655,1267],"class_list":["post-4172","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-botnet","tag-facebook","tag-google","tag-hacked","tag-malware","tag-yahoo-twitter"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-15i","jetpack-related-posts":[{"id":8771,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/07\/microsoft-global-law-enforcement-agencies-disrupt-dorkbot-botnet\/","url_meta":{"origin":4172,"position":0},"title":"Microsoft, global law enforcement agencies disrupt Dorkbot botnet","author":"NCCT","date":"December 7, 2015","format":false,"excerpt":"By Shawn Knight | Techspot Microsoft, in cooperation with a number of law enforcement agencies around the world, managed to disrupt a botnet that\u2019s infected over a million PCs across more than 190 countries. First discovered in April 2011, Dorkbot is an IRC-based botnet that has been commercialized by its\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5943,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/11\/facebook-helped-shut-down-lecpetex-botnet-responsible-for-turning-pcs-into-litecoin-miners\/","url_meta":{"origin":4172,"position":1},"title":"Facebook helped shut down &#8216;Lecpetex&#8217; botnet responsible for turning PCs into Litecoin miners","author":"NCCT","date":"July 11, 2014","format":false,"excerpt":"Law enforcement officials in Greece recently arrested two people last week that they believe were responsible for operating a botnet called Lecpetex. The hackers reportedly infiltrated up to 50,000 Facebook accounts and some 250,000 computer which were used to mine Litecoins, a popular alternative virtual currency similar to Bitcoins. As\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8453,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/07\/zeusvm-malware-building-tool-leak-may-cause-botnet-surge\/","url_meta":{"origin":4172,"position":2},"title":"ZeusVM malware building tool leak may cause botnet surge","author":"NCCT","date":"July 7, 2015","format":false,"excerpt":"The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free. The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8923,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/this-botnet-has-infected-nearly-a-million-devices-since-2014\/","url_meta":{"origin":4172,"position":3},"title":"This botnet has infected nearly a million devices since 2014","author":"NCCT","date":"May 17, 2016","format":false,"excerpt":"By Shawn Knight | TechSpot One of the many ways that cybercriminals earn income is through affiliate advertising programs like Google\u2019s AdSense. Rather than generate traffic through content creation, hackers figure out ways to trick advertising platforms into thinking a partner is sending them legitimate traffic. Not knowing they're being\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5750,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/11\/one-click-test-finds-gameover-zeus-infections-on-pcs\/","url_meta":{"origin":4172,"position":4},"title":"One-click test finds Gameover Zeus infections on PCs","author":"NCCT","date":"June 11, 2014","format":false,"excerpt":"Users can test by simply visiting a Web page if their computers have been infected with Gameover Zeus, a sophisticated online banking Trojan that law enforcement officers temporarily disrupted last week. The one-click test was developed by security researchers from antivirus vendor F-Secure and takes advantage of the malware\u2019s aggressive\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9277,"url":"https:\/\/nccomputertech.com\/techtalk\/2017\/12\/17\/this-week-in-tech-645-not-a-bright-guy\/","url_meta":{"origin":4172,"position":5},"title":"This Week in Tech 645: Not a Bright Guy","author":"NCCT","date":"December 17, 2017","format":false,"excerpt":"https:\/\/youtu.be\/PPtupeFP1HU FCC cancels Net Neutrality and Ajit Pai mocks protesters. Apple's new iMac Pro costs a minimum of $4999 and goes up from there. Disney buys 21st Century Fox, gaining X-Men, Fantastic Four, and A New Hope, along with a 60% share of Hulu. Google cancels Tango as ARCore picks\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/PPtupeFP1HU\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=4172"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4172\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=4172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=4172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=4172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}