Botnet and infected Malware exposes 2,000,000 Passwords

By on December 4, 2013 5:17:33 PM from JoeUser Forums JoeUser Forums

DrJBHL

Join Date 04/2002
+2123

 

On Neowin, Brad Sams has notified on some ugly news:

“Over two million passwords for Yahoo!, Facebook, Twitter, LinkedIn and others have been posted to the web after a botnet has infected thousands of machines and used a keylogger to obtain passwords. While this breach is not from any particular service, the botnet has clearly been running effectively for some time as it reportedly has over 2 million passwords, 300,000 of which are for Facebook accounts.”

So, if you suspect your account has been hacked, change passwords immediately. Also,

use the online scanners at Kaspersky (or elsewhere) and scan for keystroke loggers since that’s how these minions of the dark side worked their evil.

31 Replies
Search this post
Subscription Options


Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 5:35:04 PM from WinCustomize Forums WinCustomize Forums

So if I have no real personal information and do very little on any of these places would I really care?

Not being smart just asking a question as they don't have any of my personal information except for my name. When Adobe was hacked I did cancel my credit card and got a new one. In fact my credit card company knew about it and when I called they suggested it.

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 6:33:55 PM from WinCustomize Forums WinCustomize Forums

time to change my passwords.

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 7:07:28 PM from WinCustomize Forums WinCustomize Forums

I am a LinkedIn member only, the rest of them are garbage sites for children and I don't belong to them. Not worried about it here.

 

EDIT: Clarified below in Reply #13, please don't take this personally. Sorry.

Reason for Karma (Optional)
Successfully updated karma reason!
Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.
December 4, 2013 7:13:16 PM from WinCustomize Forums WinCustomize Forums

Thank you Seth.  I will let my family and friends know, so they can change their passwords, just in case. I love Facebook because I can see what my family has been up to. Most of them live in different parts of the country, so Facebook is a great way to keep in contact. Cheaper then long distance phone calls!! 

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 7:32:32 PM from WinCustomize Forums WinCustomize Forums

Oh crap. Now everyone knows my password is *********

(It was ********** but I shortened it to make it easier to remember.)

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 7:34:21 PM from WinCustomize Forums WinCustomize Forums

"infected Malware"..........is there any other kind?

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 7:39:56 PM from WinCustomize Forums WinCustomize Forums

If you use sites like Gmail or Facebook, you really should have 2-step authentication enabled.

 

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 8:04:09 PM from WinCustomize Forums WinCustomize Forums

you have to have the malware on your pc to have your passwords compromised

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 8:54:36 PM from WinCustomize Forums WinCustomize Forums

If anything comes up regarding how they think it was primarily distributed, I'm curious.

The next to the last sentence of the linked article also interests me - "We should note that it appears that most malware packages do protect against the malware."  It makes me wonder how it became so widespread, doesn't appear to be a particularly tricky one.

I think people are missing the fact that Facebook, Twitter, etc., weren't the source of the infection, so whether or not a person uses those sites isn't relevant. The article just mentions those specifically for some reason.  It's a keylogger residing on people's machines logging whatever they log into.

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 9:56:35 PM from WinCustomize Forums WinCustomize Forums

Quoting LightStar,
the rest of them are garbage sites for children and I don't belong to them

Don't hold back. Tell us how you really feel.

In the meantime, I'll be changing the passwords on LinkedIn and those children sites I belong to.

Isn't Stardock and all of it's staff signed up with a few of those children's sites?


*EDIT - I tried but can't let it go.

You do realize that some of those childrens sites as you would call them are used by employees and members of Stardock and Wincustomize to often 'promote' the Master Skins you make, dontcha? I've even used FB and G+ to promote works of fellow skinners a few times, including work they do unrelated to WC. Just saying. 

I'm sure it looks like I am making a big deal of this, but the comment just seemed kind of heavy handed and not entirely thought out as much as just 'put out' there. If I'm wrong, I apologize.

Reason for Karma (Optional)
Successfully updated karma reason!
December 4, 2013 11:03:16 PM from WinCustomize Forums WinCustomize Forums

Quoting PoSmedley,

You do realize that some of those childrens sites as you would call them are used by employees and members of Stardock and Wincustomize to often 'promote' the Master Skins you make, dontcha? I've even used FB and G+ to promote works of fellow skinners a few times, including work they do unrelated to WC. Just saying. 

I'm sure it looks like I am making a big deal of this, but the comment just seemed kind of heavy handed and not entirely thought out as much as just 'put out' there..

AGREED!

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 5:26:19 AM from WinCustomize Forums WinCustomize Forums

WTF?  Relax, folks.

All I did was post a "heads up". 

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 10:47:28 AM from WinCustomize Forums WinCustomize Forums

Quoting PoSmedley,


Quoting LightStar, reply 3the rest of them are garbage sites for children and I don't belong to them

Don't hold back. Tell us how you really feel.

In the meantime, I'll be changing the passwords on LinkedIn and those children sites I belong to.

Isn't Stardock and all of it's staff signed up with a few of those children's sites?

*EDIT - I tried but can't let it go.

You do realize that some of those childrens sites as you would call them are used by employees and members of Stardock and Wincustomize to often 'promote' the Master Skins you make, dontcha? I've even used FB and G+ to promote works of fellow skinners a few times, including work they do unrelated to WC. Just saying. 

I'm sure it looks like I am making a big deal of this, but the comment just seemed kind of heavy handed and not entirely thought out as much as just 'put out' there. If I'm wrong, I apologize.

 

Well, lets just say Po that I guess I should have clarified that. It's just that all I ever see with kids nowadays is them typing away on Facebook or other social sites and not doing anything constructive with their lives, even at the age of 18+. Social sites have totally taken away personal human interaction it seems, no one actually talks to anybody, they just type away.

Like my kids for the most part, rather than call me and ask me a question, they just text, and I find that rude and tell them so. It just seems to me that our society is getting sicker and sicker by the day, and social sites are just one of the contributors. I personally just don't find social sites to be useful in society at all, but that's just my opinion. Kids are even killing themselves after being ranted at on social sites... bullying, and it's sick.

If it is being used for business purposes, I suppose its OK though.

Sorry for any confusion.

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 11:02:18 AM from WinCustomize Forums WinCustomize Forums

Okay, to get this back on track I have read what TechNoWeb posted in that if your passwords are stolen or compromised it's because you have the malware on your computer.  

So I suppose it's a coin toss as to which you do first but two things to do would be to run you anti-virus and anti-malware scans and change your passwords if you think they have been compromised.  How do you tell they have been compromised?  I suppose if you see strange posting on those social sites or worst case you bank account balance takes a hit.    

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 11:26:23 AM from WinCustomize Forums WinCustomize Forums

Philly:

1. Run a scan with reliable, updated software.

2. Run a scan or two from online scanners like Kaspersky, etc.

3. Assume you've been compromised and change your passwords.

4. Watch your bank and credit statements for any suspicious activity.

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 12:00:48 PM from Elemental Forums Elemental Forums

Quoting LightStar,


Quoting PoSmedley, reply 10

Quoting LightStar, reply 3the rest of them are garbage sites for children and I don't belong to them

Don't hold back. Tell us how you really feel.

In the meantime, I'll be changing the passwords on LinkedIn and those children sites I belong to.

Isn't Stardock and all of it's staff signed up with a few of those children's sites?

*EDIT - I tried but can't let it go.

You do realize that some of those childrens sites as you would call them are used by employees and members of Stardock and Wincustomize to often 'promote' the Master Skins you make, dontcha? I've even used FB and G+ to promote works of fellow skinners a few times, including work they do unrelated to WC. Just saying. 

I'm sure it looks like I am making a big deal of this, but the comment just seemed kind of heavy handed and not entirely thought out as much as just 'put out' there. If I'm wrong, I apologize.

 

Well, lets just say Po that I guess I should have clarified that. It's just that all I ever see with kids nowadays is them typing away on Facebook or other social sites and not doing anything constructive with their lives, even at the age of 18+. Social sites have totally taken away personal human interaction it seems, no one actually talks to anybody, they just type away.

Like my kids for the most part, rather than call me and ask me a question, they just text, and I find that rude and tell them so. It just seems to me that our society is getting sicker and sicker by the day, and social sites are just one of the contributors. I personally just don't find social sites to be useful in society at all, but that's just my opinion. Kids are even killing themselves after being ranted at on social sites... bullying, and it's sick.

If it is being used for business purposes, I suppose its OK though.

Sorry for any confusion.

 

LOL You do realize that this forum is a social community right? I mean it's not facebook or something _you_ would consider "children sites" but you are socializing with a group of people that are in a personal computing community. So what you mean is that you have nothing against internet socializing as long as it is you and the sites you like? Noted. thanks.

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 12:11:29 PM from WinCustomize Forums WinCustomize Forums

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 12:13:03 PM from WinCustomize Forums WinCustomize Forums

True, but I don't make it my life or live here, and my computer is not permanently on WC like some who make Facebook/Social sites their life.

 

Oh, and my quick response is only because someone else told me of your post.

 

(Goes back to skinning...)

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 9:35:02 PM from WinCustomize Forums WinCustomize Forums

FB, Twitter, etc have their uses, but the amoumt of harm they are allowed to do effectively surpasses the 'benefits'.

They are poorly run and managed.

Heck...I recently thought I was doing the 'socially correct' thing and accepted a whole bunch of 'friend' requests only to discover I was subsequently 'restricted' from access for some form of 'trolling'....and all I did was click on 'yes' or 'ok' - whatever.

So...if anyone feels a NEED to be connected to me via FB....well tough titties...I'm only going to be approachable by genuine human beings....not naive childish users of junkware social media.

I can keep REAL friends without such rubbish....longest-lasting I have known now for 52 years....we went to Primary School together.

Too much damage is done by them....particularly bullying - [resulting in suicides] ... slander, libel and Identity theft.

Yes, so it's [mostly] the fault of who uses it.... but how many of you have heard of instances of Police interaction to have pages removed?

Community 'social' sites [forums] such as Stardock's ARE 'policed'....eg. if someone posts personal information that 'may' cause an issue [to them] it's simply deleted.

I think the next time I log into FB it will to change whatever settings there are in place to stop the email notifications of 'requests' or 'xxx wants you to view his latest photo of Fido' .

Anyone feeling a NEED to contact me....my actual email is on the 'about' page...

Reason for Karma (Optional)
Successfully updated karma reason!
December 5, 2013 11:03:49 PM from WinCustomize Forums WinCustomize Forums

Karma for  everyone!!!     

Reason for Karma (Optional)
Successfully updated karma reason!
December 7, 2013 1:08:00 AM from WinCustomize Forums WinCustomize Forums

You may also want to check out this site as well.

https://shouldichangemypassword.com/

I found this via the thread that this thread is linked to on Neowin. It turns out two of my email accounts were compromised. The dates listed for the attacks are around the time Adobe had it's little issue so I don't know which to blame but I went ahead and changed my passwords anyway.

Reason for Karma (Optional)
Successfully updated karma reason!
December 7, 2013 6:13:47 AM from WinCustomize Forums WinCustomize Forums

Thank you Po!  

Reason for Karma (Optional)
Successfully updated karma reason!
December 7, 2013 6:22:29 AM from WinCustomize Forums WinCustomize Forums

Keep in mind, even if you update/change your password, that site and the one linked will still tell you it has been compromised, so after changing passwords it won't give you accurate info.

 

Got this from Adobe (changed my password as soon as the hack was publicised):

Important Password Reset Information

As we announced on October 3, Adobe discovered sophisticated attacks on our network involving the illegal access and removal of a backup database containing Adobe IDs and encrypted passwords. We are writing to let you know that your Adobe ID was in the database taken by the attackers -- but, importantly, your current password was not . As a result, we did not reset your password. We have no reason to believe that your Adobe ID account is at risk or that there has been unauthorized activity on your account. The database taken by the attackers came from a backup system that contained many out-of-date records and was designated to be decommissioned. Adobe’s authentication system of record, which cryptographically hashes and salts customer passwords, was not the source of the database that was taken.

However, if you use your old passwords on any other websites, you should change those passwords. We also recommend that you follow password best practices to help ensure your current password is secure:

 

  • Don’t reuse passwords: Your password should be unique to your Adobe ID account. Don’t reuse a password you have previously used with your Adobe ID or a password you are using on any other website.
  • Make sure your password is difficult to guess: Your password should be at least eight (8) characters in length. It should contain a mix of different character sets, such as upper case letters (A-Z), lower case letters (a-z), digits (0-9), and special characters (# $ % & - _ { }). It should not use all or part of your name or your Adobe ID.

 

We deeply regret any inconvenience this may cause you. We value the trust of our customers and are working aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Care page, which you will find here.

Adobe Customer Care

Reason for Karma (Optional)
Successfully updated karma reason!
December 7, 2013 6:24:06 AM from WinCustomize Forums WinCustomize Forums

I got a notification from Adobe yesterday about this very thing. I had already changed my email password and the one I use on FB. The others are for youtube, yes I know Google got their greedy fingers in it, but no personal info other than my email and the googler already has that. Besides I have zero personal info out there. Hackers probably hate me! Lol  

Reason for Karma (Optional)
Successfully updated karma reason!
December 7, 2013 9:26:53 AM from WinCustomize Forums WinCustomize Forums

Be careful with those Adobe alerts. Part of the issue was 'fake' emails being sent out that were/are very similar to the actual email Adobe has sent.

 

  • "Protect yourself against non-legitimate email “phishing” attempts: If you received an email requesting you to change your password, and you’re concerned whether it is legitimate, don't click any links in the email. Instead, type www.adobe.com/go/passwordreset into your browser to be sure."
Reason for Karma (Optional)
Successfully updated karma reason!
Stardock Forums v1.0.0.0    #108432  walnut2   Server Load Time: 00:00:00.0000250   Page Render Time:

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2014 Stardock Corporation. All Rights Reserved.