
2 Million Hacked


15 replies to this topic

#1 Stolen


Posted 06 December 2013 - 04:02 PM

Nearly 2MM (million) accounts have been hacked, including ADP, which is one of the largest providers of comprehensive payroll and employee benefits services.

"Hackers have stolen usernames and passwords...compromising accounts at Facebook, Gmail, Twitter, Yahoo and ADP."

Article Dec 4, 2013 from CNN Money here

2 million Facebook, Gmail and Twitter passwords stolen in massive hack

The author, Jose Pagliery, said Trustwave notified the above-named companies of the breach. According to the article, "(Miller) said the team doesn't yet know how the virus got onto so many personal computers. The hackers set up the keylogging software to route information through a proxy server, so it's impossible to track down which computers are infected. The hacking campaign started secretly collecting passwords on Oct. 21, and it might be ongoing: Although Trustwave discovered the Netherlands proxy server, Miller said there are several other similar servers they haven't yet tracked down."

Miller also was quoted, "Just searching programs and files won't be enough, because the virus running in the background is hidden."

For Best Practises to Common Security Questions, please refer to this BleepingComputer topic for guidance on safe computing, prevention of viruses and malware, and system hacks by quietman7.



 


#2 slap2442


Posted 06 December 2013 - 04:45 PM

they got me too!



#3 Genex17


Posted 06 December 2013 - 06:11 PM

I use Lastpass to auto fill my password forms, so I gather even if they were to drop a keylogger on my computer, then it would not get the password entries?



#4 jziggyp


Posted 06 December 2013 - 07:26 PM

So how does one know they have been hit by this and how do you remove it ??

#5 Elise


Posted 07 December 2013 - 04:57 AM

That depends on what account has been hacked. For example, if your email account has been hacked, you typically notice this by large amounts of spam mails being sent out, or receiving a lot of delivery failure notifications for mails you never sent.
Likewise for Facebook/Twitter, you'll notice activity (usually spammy), usually a lot of it.
 

how do you remove it ??

 

You don't, because there is nothing malicious on your computer in such cases. :) In case of doubt, the only thing you have to do is change your password. Always ensure you use a strong password, or for example a password manager (as mentioned by Genex17).


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Warthog-Fan


Posted 08 December 2013 - 09:36 PM

I always use my computer on a "User Account", as opposed to an "Administrator Account". Since the virus in question puts code onto the computer, will running in User mode prevent this virus from infecting my computer?

 

Bob



#7 Elise


Posted 09 December 2013 - 03:03 AM

Hi Bob, in case of hacked email accounts and similar (as explained in post #1), that really doesn't matter because there is nothing on your computer in the first place; your account credentials are compromised by/on external resources. But generally speaking, using a limited user rather than an admin account is a good precaution against actually getting infected.


regards, Elise




#8 SillyMuppet


Posted 09 December 2013 - 04:48 AM

Doesn't look like they got in my account at least. Thanks for the heads up :thumbup2:



#9 Darktune


Posted 09 December 2013 - 08:17 AM

I shall have to check my PC when I get home. Hopefully I'm not included.

 

Thanks for posting!


It's very hard to imagine all the crazy things that things really are like. 

Electrons act like waves.. no they don't exactly, they act like particles.. no they don't exactly.

Words and ideas can change the world.


#10 A_Late_Fall


Posted 11 December 2013 - 12:22 PM

I read with interest the article on CNN Money about the hack of people's computers. The next day I logged onto my account at the art hosting website deviantArt and a message came up from the site saying my email address had been associated with the recent hack and that I should change my password. I did, and also for my email and any other password protected site I've been to since then, but if there is a secret keylogger installed it would seem that any changes could also be noted.

 

In any case, today I seem to have a rootkit malware installed that is hogging all my resources out of one of the svchost.exe groups in my processes list (Windows XP).  I had had a similar problem earlier this year on my father's computer (also Windows XP).  It was set up as a bot computer sharing files and we solved it with this website's help and Kaspersky TDSSKiller, but that program doesn't seem to be helping this time.

 

I will post a help request on the proper thread, but I thought you might be interested that this is a possible outcome of the hack.



#11 Erin Walsh


Posted 15 December 2013 - 03:54 PM

Is that Jr. Iggy Pop? Or Ziggy? Either way, how do you know and what to do are great questions. In addition, how does it affect Mac users, if at all?

 

Curious....



#12 Elise


Posted 15 December 2013 - 04:05 PM

It doesn't matter what OS you use, because the accounts are compromised, not the computers/devices used to access the accounts. :)


regards, Elise




#13 David11


Posted 16 December 2013 - 03:08 AM

I'm a bit confused. The article at the top says "the team doesn't yet know how the virus got onto so many personal computers. The hackers set up the keylogging software to route information through a proxy server, so it's impossible to track down which computers are infected."

 

Yet, people are posting saying that it wasn't the home computers that were compromised, it was the accounts.



#14 Elise


Posted 16 December 2013 - 03:44 AM

The article is pretty vague on this really. You can interpret it a few ways: it can be serverside or computer side; there aren't enough details given to be sure. If however they used one specific keylogger on a lot of user computers, it's very strange no more information was given (for example, AV vendor X detects this keylogger as Trojan Y). The fact that this information was so vague makes me suspect that in fact the hack was serverside (hackers were able to access private information stored on a server and sent the collected information via proxy......), which usually is kept more under wraps because no involved company likes to admit what happened.

 

The fact that I have seen no evidence at all of sudden jumps in keylogging detections, combined with the fact that real undetectable malware is very, very rare (and mostly only theoretical), makes me suspect the latter is the case. Again, that is the conclusion I draw after reading it all. It is always possible to get a keylogger infection and you should take preventive measures in any case (adequate protection, keep software up to date, don't open unknown email attachments, don't visit shady websites and so on), but I have seen no evidence of this.


regards, Elise




#15 Skippyroo


Posted 16 December 2013 - 06:56 PM

I have always considered that Facebook and Twitter were a hacker's playground where they honed their skills to perfection. A kind of proving ground for malpractice techniques. Don't know about Gmail, that "should" be as secure as Google can make it and Google are experts in the business of cyber technology.

Another thread has been started today (16 Dec.) by Saafft entitled "My passwords are getting stolen".
Looks like he is one of the 2 million victims.



