Nearly two million people have had to change their passwords to social networking sites, email services and even a payroll provider after researchers found their credentials on a server controlled by cyber thieves two weeks ago. And that theft may be just the tip of the iceberg.
“We got access to one command and control server,” said John Miller,
security research manager at Trustwave, a web security company.
“Unfortunately, there are many of these command and control servers, and
we don’t have an exact count. So while we were able to access this one
and recover the passwords from it, there are still many more out there
that are actively stealing people’s passwords.”
Miller and his team of ethical hackers at Trustwave’s SpiderLabs
notified companies like Facebook, Google, Twitter and payroll provider
ADP of the breach. The companies in turn reset passwords and contacted affected users.
In an interview, Miller said researchers believe the victims were
infected either by clicking on an attachment in an email that downloaded
the malicious code or by clicking through to a website that then
installed Pony on their machines. Pony only works on Windows, so Mac
users were not affected.
Once installed on a machine, Pony scanned it for stored passwords.
Pony would also begin monitoring web traffic in order to identify the
traffic associated with logging in. When Pony detected a login in
progress, it scooped up the credentials.
Miller said Pony stands apart from other malware in its effectiveness
in stealing passwords. “One of the more surprising parts is how quickly
it has been able to spread,” Miller added. “These servers are only up
for a few days, and we see they have already collected hundreds of
thousands to millions of accounts.”
Researchers at Trustwave first came across Pony about a year ago.
Miller said the creator of Pony sells the code on the black market as a
tool to give other people the ability to steal passwords. Pony’s
customers then resell the stolen passwords. “Pony is part of a very
complex business ecosystem,” Miller said.
Even though Pony is widespread, people with up-to-date antivirus and
anti-malware software should be OK. Those programs should be able to
detect Pony running in a PC’s memory, Miller said. Anyone unlucky
enough to have become infected, Miller advised, should change their
passwords from another machine.
People may also want to consider adding two-factor authentication,
which typically blocks access to an online account until the account
owners verify themselves by entering a PIN that is sent to their phones.
Source: Forbes.com