Tag Archive for: SpiderLabs

Hacker Code

Social media users around the world have reason to be concerned as nearly two million login credentials have been found online by security researchers this week. The credentials included those for the largest social media platforms including Facebook, Google, Yahoo, LinkedIn, and Twitter.

Researchers from Trustwave’s SpiderLabs division posted a blog post reporting the information they found online after using the source code of a botnet controller, a controller for a collection of internet-connected programs, called Pony.

With that data the researchers were able to trace information connected to data-stealing capabilities and they discovered a massive collection of passwords from many of the biggest websites and social media services. In total 1.58 million website login details were stolen, along with 320,000 email account credentials, 41,000 FTP logins, and 3,000 Remote Desktop credentials.

The researchers believe the attack came from the Netherlands, based on a proxy server there which was operating as an intermediary between infected machines and the overseeing command-and-control server botnet.

“This technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down. Outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down,” they wrote.

“While this behaviour is interesting in and of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any.”

While they were at it, the researchers took the time to analyze the data and see what the most common passwords were. The results are depressingly unsurprising.

The most used password was the standard 123456 password, with 15,820 accounts using the simple code. The second and third most used passwords were variations on this, with 123456789 and 1234 filling the respective slots. ‘Password’ was the fourth most common password, and 12345 came in fifth. Sadly, it seems many will never learn to start using more difficult passwords.