Virus slingers who find themselves unsatisfied by merely ruining computers with ransomware are now first stealing victims' admin passwords so they can press the victims' websites into service in attack campaigns. The chain starts with the installation of the Pony malware, which in 2013 stole some two million passwords through its global botnet. Pony can also plunder passwords from more than 100 applications, social media sites, and Google accounts. It is not clear how that initial Pony infection takes place, however.

Heimdal Security bod Andra Zaharia says the stolen passwords are used to upload scripts to a victim's site, which then push the site's visitors to malicious drive-by-download pages. There the infamous Angler exploit kit delivers the CryptoWall 4.0 ransomware, for which no decryption tool yet exists. "The campaign is carried out by installing a cocktail of malware on the compromised PC … which systematically harvests all usable usernames and passwords from the infected system and sends them to a series of control and command servers controlled by the attackers," Zaharia says.
ORIGINAL SOURCE: The Register