Pony botnet attack leaves 2M affected

Those affected by the botnet had their computers controlled and monitored in the background so their credentials could be stolen

PONY BOTNET. The botnet allowed a controller to steal user information from over 2 million accounts.

MANILA, Philippines – An online attacker wielding a reworking, or fork, of the Pony botnet program has left 2 million accounts compromised, prompting staff from affected social media sites to reset user logins for users hit by the attack.

A botnet is usually built by sending malware to a large number of people. The computers of those who fall for the trick and install the malware become part of a network of compromised machines that can be controlled by anyone with access to the botnet’s controls.

In this case, the Pony botnet installed keylogging tools on the compromised computers, allowing their users’ credentials to be recorded and taken at will by the controller.

Security researchers at Trustwave said the following types of credentials were taken in the attack:

  • 1,580,000 website login credentials stolen
  • 320,000 email account credentials stolen
  • 41,000 FTP account credentials stolen
  • 3,000 Remote Desktop credentials stolen
  • 3,000 Secure Shell account credentials stolen

Trustwave’s analysis noted that 57% of the credentials stolen are for Facebook accounts. Yahoo, Google, Twitter, and LinkedIn accounts were also affected, among others.

Their analysis pointed to the possibility that many users do not take ample care of their online accounts. The most commonly used password was “123456”, and variations on a straight number combination, as well as “password” or “admin”, were also on the list of common passwords.

The researchers have made their data available to the relevant parties, and are sharing the analysis on their blog to remind those online to take more precautions when using their accounts. – Rappler.com