Pony botnet steals passwords directly from your computer: SSO Alert Priority Moderate
6 December 2013
Cyber criminals have used a botnet to steal logon information for approximately 2 million people, affecting a variety of sites including Facebook, LinkedIn, Twitter, Google and payroll service ADP.
The stolen credentials are not believed to have been publicly posted; they were discovered by researchers from security firm Trustwave, who gained access to a command-and-control server used by the attackers to administer the botnet.
Botnets are networks of computers, called bots, that have been compromised by cyber criminals. The computers could belong to anyone connected to the internet, from home users to businesses – including yours.
Unlike a more traditional breach where data is stolen from a company’s website by hacking the site, this botnet stole the logon information from each of the individual computers in the botnet, and then sent that information back to the command and control server.
In this case, malware known as Pony was used to compromise each of the computers to form the botnet. The malware captures information as the user enters it online.
As a precaution Facebook has indicated it has already reached out to its users identified from the stolen data, requiring them to change their passwords. Other organisations involved may take similar action.
Although Australia was not mentioned in the summary reporting, analysis of the information stolen indicates it comes from more than 100 countries.
How to avoid becoming part of a botnet
As with any malware, the easiest and best approach is prevention.
A computer that is fully patched, with an up-to-date operating system, up-to-date applications, and up-to-date antivirus software, is far less likely to be vulnerable to malware, including the malware used to build botnets. Many botnets target computers running out-of-date operating systems or software, something that can easily be avoided.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.