Two Million Passwords Compromised By Keylogger Virus
Ocean Consulting writes "CNN is reporting that over two million passwords from web service companies such as Google, Facebook, Twitter and Yahoo have been captured via a key logging virus. The story is based on information released by security firm Trustwave. The report critiques how bad people are at making secure passwords, but does mention the use of Pony Botnet Controller."
As far as we know, this thing happens all the time, and more than likely, these PCs that are infected are infected by more than one key-logger. "Update your antivirus" is a moot point, because unless the 'virus' is known, the antivirus folks cannot do anything about it anyway. By the time these things are found out, it's far too late anyway. There is no advice that can be given here, except, "Don't get a virus", which is silly to tell someone.
Politics; n. : A religion whereby man is god.
I'm looking for more technical information on this virus. Is there a collection of different key logging software all sending the passwords to the same proxy server? How does someone get infected by this virus? How about the IP addresses of the proxy servers so people can at least look for traffic from their firewalls?
This article seems kind of useless other than to scare people into purchasing some protection, which conveniently the company writing the article sells!
With your own domain and software like KeePassX, it's surprisingly easy. You never even have to type passwords or usernames. Once you get it set up it's actually even easier than using the same password everywhere, and vastly more safe.
Google and Facebook offer simple two-factor that works with any cellphone capable of SMS. Facebook also has a keygen built into their smartphone app. I wish everyone did this.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
> should we set up a separate email address at google for each vendor account we create?
You don't already use an alias? username+vendor@gmail.com
Surprising how many scripts tell you that this is not a valid email address.
The keygen would still work, plus Google will let you print out one-time use codes that you can keep in your wallet. I have had to use those before. Google will also let you set up a phone number that it will ring with the code - and naturally your desk phone at work sounds like a pretty good candidate.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
UK banks have introduced personal card readers. When prompted you insert your card into your own card reader, enter your PIN and then enter a number that the website gives you. You then enter into the web form the resulting number that your card reader provides. In this way, you have proven that you have physical access to your bank card.
The real "Libtards" are the Libertarians!
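A simplified model of the card-reader challenge-response described in the comment above, added here as an example and not part of the thread. It assumes an HMAC over a key shared by card and bank, which is not the algorithm real bank card readers run; the `Card` and `Bank` classes, the code length, and the PIN retry limit are hypothetical.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # length of the number typed into the web form (assumed)


def _truncate(mac: bytes) -> str:
    """Reduce a MAC to a short decimal code a person can type."""
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


class Card:
    """Hypothetical card: holds a secret key and uses it only after a PIN check."""

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin, self._tries_left = key, pin, 3

    def respond(self, pin: str, challenge: str) -> str:
        if self._tries_left == 0:
            raise PermissionError("card locked")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left -= 1
            raise PermissionError("wrong PIN")
        self._tries_left = 3  # a correct PIN resets the retry counter
        mac = hmac.new(self._key, challenge.encode(), hashlib.sha256).digest()
        return _truncate(mac)


class Bank:
    """Hypothetical server side: issues one-time challenges, checks responses."""

    def __init__(self, key: bytes):
        self._key, self._pending = key, set()

    def new_challenge(self) -> str:
        challenge = str(secrets.randbelow(10**DIGITS)).zfill(DIGITS)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: str, response: str) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already used: a replayed response fails
        self._pending.discard(challenge)  # single use, whether it passes or not
        mac = hmac.new(self._key, challenge.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(_truncate(mac).encode(), response.encode())
```

The PIN goes into the reader and never into the PC, and each challenge is accepted once, so a response captured by a keylogger does not authenticate a later login.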