Recently, researchers at SpiderLabs discovered approximately two million stolen login credentials for various sites, including a payroll processing organization.
The stolen credentials were stored on a server that the researchers tracked down. They had been stolen by the Pony botnet.
Pony's primary task is to deploy a keylogger and steal usernames and passwords. The first thing that comes to mind when we hear about keyloggers is the use of virtual keyboards and password managers. A keylogger defeats a password regardless of its length and complexity, and regardless of whether the website itself is susceptible to web-based attacks or has been hardened against attacks on its infrastructure. It is therefore necessary to protect our passwords from the prying eyes of a keylogger.
However, there have been instances where certain malware has mouse-tracking (mouse-click tracking) capability, which again defeats the very purpose of a virtual keyboard.
Virtual keyboards are designed so that they neither use the WM_KEYDOWN/WM_KEYUP/WM_KEYPRESS Windows messages nor rely on the clipboard to transfer keystrokes to the active application window. There are numerous other methods by which keystrokes can be delivered without a keylogger noticing, but as defenses against keyloggers have improved, keyloggers themselves have become better at detecting the methods virtual keyboards use.
Password managers, for their part, store site-specific login credentials and inject them into the respective fields when the user browses to that site. However, when a trojan intercepts HTTP traffic before it is encrypted, even password managers fail, because the trojan then has all the information it was designed to capture.
So the only way out is to use sites that provide two-factor authentication. This does not render keyloggers or trojans useless, but without the dynamic second factor the stolen credentials are of no use to the bot-master.
Furthermore, designing sites with two-factor authentication, or using such sites, does not by itself make users safe; users themselves have to be proactive.
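As an added illustration of that point (example code, not part of the original post): the server-side check below, written in Python with only the standard library, verifies a password together with an RFC 6238 TOTP code and refuses any code that has already been accepted, so a password and one-time code captured by a keylogger or a form-grabbing trojan cannot be replayed later. The secret, salt and password are constructed demo values (the secret is the RFC 4226/6238 reference test key).

```python
import hashlib
import hmac
import struct

# Constructed demo values: the RFC 4226 / RFC 6238 reference key, a fixed salt
# and a sample password. None of these are real credentials.
DEMO_SECRET = b"12345678901234567890"
DEMO_SALT = b"demo-salt"
DEMO_PASSWORD = "hunter2"
STEP = 30  # TOTP time step in seconds


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, unix_time // STEP, digits)


def password_hash(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a stolen database does not directly yield passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Server-side account: requires password plus a fresh TOTP and refuses replays."""

    def __init__(self, password: str, secret: bytes, salt: bytes = DEMO_SALT):
        self.salt = salt
        self.pw_hash = password_hash(password, salt)
        self.secret = secret
        self.last_counter = -1  # highest time-step counter already accepted

    def login(self, password: str, code: str, unix_time: int) -> bool:
        if not hmac.compare_digest(password_hash(password, self.salt), self.pw_hash):
            return False
        counter = unix_time // STEP
        # Tolerate one step of clock skew either side, but never accept a
        # counter at or below the last one used: a captured code is single-use.
        for c in (counter - 1, counter, counter + 1):
            if c > self.last_counter and hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return True
        return False
```

A static password alone, or a password plus a previously captured code, fails every check after its first use; only a code generated for the current time step succeeds.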
The following points have to be taken seriously and put into practice:
1: Rely on a good security suite that detects such threats and provides accessories, e.g. a virtual keyboard and a password manager, to protect you from online threats.
2: Apply updates regularly.
3: Use complex passwords and enable two-factor authentication wherever possible.
These are a few tips on how you can protect yourself online from threats similar to those posed by the Pony botnet.