Two Million Passwords Compromised By Keylogger Virus
Ocean Consulting writes "CNN is reporting that over two million passwords from web service companies such as Google, Facebook, Twitter and Yahoo have been captured via a key logging virus. The story is based on information released by security firm Trustwave. The report critiques how bad people are at making secure passwords, but does mention the use of Pony Botnet Controller."
Tell us more about the virus! (Score:4, Interesting)
Re:OMG Pony BotNet! (Score:4, Interesting)
Got to be a whole freaking lot better than the 8 characters stuff even with various cases, numbers and symbols.
I love how people with a clue suggest people use different passwords everywhere and then more or less every single page in the universe requires you to have a freaking login and often doesn't use any central stuff for doing so (somewhat better now with Facebook and Google; then again, do I really want to connect my accounts that way?).
Guess a certificate / private key and password isn't all that much better but it's way more convenient.
Re:More conspiracy bullshit (Score:5, Interesting)
And how many ordinary companies making a routine purchase of seemingly ordinary keyboards test them in labs for key loggers?
Commercial keyloggers (including devices like black market skimmers) can use GPRS cards, they can scout for open WiFi access points and transmit their payload once a day at 2:00 AM, or they can sit on a whole file waiting for a harvester to show up and retrieve the data via Bluetooth, 900 MHz, or some other wireless technology. The retrieval patterns are designed to evade detection.
The only people investigating this stuff today are forensic investigators hired by people who are already victims, and independent security firms with nothing better to do.