Security

Two Million Passwords Compromised By Keylogger Virus 174

Posted by samzenpus
from the protect-ya-neck dept.
Ocean Consulting writes "CNN is reporting that over two million passwords from web service companies such as Google, Facebook, Twitter and Yahoo have been captured via a key logging virus. The story is based on information released by security firm Trustwave. The report critiques how bad people are at making secure passwords, but does mention the use of Pony Botnet Controller."
This discussion has been archived. No new comments can be posted.

  • by jader3rd (2222716) on Wednesday December 04, 2013 @08:24PM (#45603411)
    What security hole is the virus making use of? Is there something an end user should look out for? etc, etc?
  • Re:OMG Pony BotNet! (Score:4, Interesting)

    by aliquis (678370) <dospam@gmail.com> on Wednesday December 04, 2013 @08:56PM (#45603667) Homepage

    Got to be a whole freaking lot better than the 8 characters stuff even with various cases, numbers and symbols.

    I love how people with a clue suggest people use different passwords everywhere and then more or less every single page in the universe requires you to have a freaking login and often doesn't use any central stuff for doing so (somewhat better now with Facebook and Google, then again do I really want to connect my accounts that way?)

    Guess a certificate / private key and password isn't all that much better but it's way more convenient.

  • by plover (150551) on Thursday December 05, 2013 @01:18AM (#45605169) Homepage Journal

    And how many ordinary companies making a routine purchase of seemingly ordinary keyboards test them in labs for key loggers?

    Commercial keyloggers (including devices like black market skimmers) can use GPRS cards, they can scout for open WiFi access points and transmit their payload once a day at 2:00 AM, or they can sit on a whole file waiting for a harvester to show up and retrieve the data via Bluetooth, 900 mHz, or some other wireless technology. The retrieval patterns are designed to evade detection.

    The only people investigating this stuff today are forensic investigators hired by people who are already victims, and independent security firms with nothing better to do.
