{"id":4172,"date":"2013-12-04T19:39:38","date_gmt":"2013-12-05T00:39:38","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=4172"},"modified":"2013-12-04T19:39:38","modified_gmt":"2013-12-05T00:39:38","slug":"botnet-snatches-2-million-logins-for-facebook-adp-and-other-sites","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/12\/04\/botnet-snatches-2-million-logins-for-facebook-adp-and-other-sites\/","title":{"rendered":"Botnet snatches 2 million logins for Facebook, ADP, and other sites"},"content":{"rendered":"

Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, part of a large botnet using controller software nicknamed \u201cPony.\u201d<\/p>\n

Another company whose users\u2019 login credentials showed up on the server was ADP, which specializes in payroll and human resources software, wrote Daniel Chechik, a security researcher with Trustwave\u2019s SpiderLabs.<\/p>\n

It\u2019s expected that cybercriminals will go after main online services, but \u201cpayroll services accounts could actually have direct financial repercussions,\u201d he wrote.<\/p>\n

ADP moved $1.4 trillion in fiscal 2013 within the U.S., paying one in six workers in the country, according to its website.<\/p>\n

\"\"<\/a><\/p>\n

Facebook had the most stolen credentials, at 318,121, followed by Yahoo at 59,549 and Google at 54,437. Other companies whose login credentials showed up on the command-and-control server included LinkedIn and two Russian social networking services, VKontakte and Odnoklassniki. The botnet also stole thousands of FTP, remote desktop and secure shell account details.<\/p>\n

It wasn\u2019t clear what kind of malware infected victims\u2019 computers and sent the information to the command-and-control server.<\/p>\n

Trustwave found the credentials after gaining access to an administrator control panel for the botnet. The source code for the control panel software, called \u201cPony,\u201d was leaked at some point, Chechik wrote.<\/p>\n

The server storing the credentials received the information from a single IP address in the Netherlands, which suggests the attackers are using a gateway or reverse proxy in between infected computers and the command-and-control server, he wrote.<\/p>\n

\u201dThis technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down\u2014outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down,\u201d Chechik wrote.<\/p>\n

Information on the server indicated the captured login credentials may have come from as many as 102 countries, \u201cindicating that the attack is fairly global,\u201d he wrote.<\/p>\n

via Botnet snatches 2 million logins for Facebook, ADP, and other sites | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[6,7],"tags":[142,347,424,451,655,1267],"class_list":["post-4172","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-botnet","tag-facebook","tag-google","tag-hacked","tag-malware","tag-yahoo-twitter"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-15i","jetpack-related-posts":[{"id":9343,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/05\/27\/this-week-in-tech-668-how-many-cups-in-a-stone\/","url_meta":{"origin":4172,"position":0},"title":"This Week in Tech 668: How Many Cups in a Stone?","author":"NCCT","date":"May 27, 2018","format":false,"excerpt":"https:\/\/youtu.be\/i1oqaFyVcQ0 --The FBI wants you to reboot your router right now. FBI agents have gained control of a huge Russian botnet. If your router is affected you just need to reboot it. --Facebook and Russian ads - how should government react in the age of cyber warfare? --Amazon sells facial\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/i1oqaFyVcQ0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9403,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/10\/01\/older-than-the-mini-jack-this-week-in-tech-686\/","url_meta":{"origin":4172,"position":1},"title":"Older Than the Mini Jack – This Week in Tech 686","author":"NCCT","date":"October 1, 2018","format":false,"excerpt":"https:\/\/youtu.be\/a2BeanU0FsU Facebook breach, Elon\u2019s costly tweet, Google turns 20, and more. --How to tell if your Facebook account is one of the 50 million that were hacked this week --Why the founder of Instagram left Facebook --\"Funding secured\" tweet costs Elon Musk his chairmanship and $40 million --Google turns 20\u2026","rel":"","context":"In "Social Media"","block_context":{"text":"Social Media","link":"https:\/\/nccomputertech.com\/techtalk\/category\/social-media\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/a2BeanU0FsU\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9526,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/03\/03\/outrage-moms-this-week-in-tech-708\/","url_meta":{"origin":4172,"position":2},"title":"Outrage Moms – This Week in Tech 708","author":"NCCT","date":"March 3, 2019","format":false,"excerpt":"https:\/\/youtu.be\/rzRHMGNsnyI The end of smart-phones, AI fake people, Elon in the ditch again, and more. -- MWC 2019 and the Future of Smartphones and Wearables -- This Person Does Not Exist -- OpenAI and the Text Generator Too Dangerous to Exist -- Outrage Mobs and Twitter -- China's Social Credit\u2026","rel":"","context":"In "Technology"","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/rzRHMGNsnyI\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9291,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/01\/22\/this-week-in-tech-650-frumpy-rump\/","url_meta":{"origin":4172,"position":3},"title":"This Week in Tech 650: Frumpy Rump","author":"NCCT","date":"January 22, 2018","format":false,"excerpt":"https:\/\/youtu.be\/HSn_18byc6k EVs and self-driving cars at CES and the Detroit Auto Show. The first cashierless Amazon Go shop opens January 22nd. Apple HomePod is nearly here. Apple hands out $2500 employee stock bonuses as part of its huge cash repatriation plan. Google wants your selfies. Facebook wants you to tell\u2026","rel":"","context":"In "Technology"","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/HSn_18byc6k\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9514,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/01\/27\/algorithms-are-people-too-this-week-in-tech-703\/","url_meta":{"origin":4172,"position":4},"title":"Algorithms are People, Too – This Week in Tech 703","author":"NCCT","date":"January 27, 2019","format":false,"excerpt":"https:\/\/youtu.be\/MlQpW0nWEiE 2019 Tech Predictions, CRISPR Babies, Amazon Scout, Foldable Phones, and More! -- WhatsApp, Instagram, Facebook Messenger to Merge -- 2019 Predictions- Amazon Will Rise, Twitter Will Fall -- CRISPR Babies Confirmed -- Amazon Scout Will Usher in the Age of Autonomous Delivery -- France Fines Google 50M Euros --\u2026","rel":"","context":"In "Social Media"","block_context":{"text":"Social Media","link":"https:\/\/nccomputertech.com\/techtalk\/category\/social-media\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/MlQpW0nWEiE\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9393,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/08\/19\/this-week-in-tech-680-hacky-hack-hack\/","url_meta":{"origin":4172,"position":5},"title":"This Week in Tech 680: Hacky Hack Hack","author":"NCCT","date":"August 19, 2018","format":false,"excerpt":"https:\/\/youtu.be\/7ClMz3MkTJk This Week in Tech Elon's Twitter addiction, $1200 iPhone XS+, Movie Pass Fail, Pai's lie, and more. --Leave Elon alone! Tesla tumbles after Musk laments his \"most difficult and painful year.\" --Google employees revolt over China rumors; town hall meeting shut down due to \"kerfuffle\" tweets. --Apple thinks that\u2026","rel":"","context":"In "Technology"","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/7ClMz3MkTJk\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=4172"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/4172\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=4172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=4172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=4172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}