Recently, researchers at Trustwave found a botnet controller that contained roughly 2 million credentials (passwords). The credentials included a few big names (Facebook, Yahoo, Google, and Twitter) but also roughly 8,000 passwords used to access ADP services. This is of particular importance to all because, unlike most services, access to ADP, a payroll processor, leads whoever obtains it to actual funds.
How were these credentials obtained? According to a press release from ADP, the credentials found were obtained through phishing campaigns where unsuspecting targets divulged their credentials thinking that they were responding to or interacting with an actual ADP service.
It should be noted that these credentials, at least those for the ADP services, were obtained through a phishing email of some sort. Unless you have provided credentials through one, or are using a shared computer that may have been compromised, it should be safe to assume your credentials are safe.
A botnet is essentially a network of compromised computers that can be controlled to perform certain activities. Botnets are used for many reasons; some of the most common are to send out spam or to perform denial-of-service attacks (attacks where multiple computers send messages to a single computer or server with the intention of overloading it).
Always be vigilant and be prepared to recognize phishing emails. Please read the following blogs to learn more.
- Anatomy of a Spear Fishing Email (blog post from DTS – Information Security Office)
- “If there are no links in an email, it can’t be a phish.” (article from Sophos Ltd. nakedsecurity blog)
- “Found: Hacker server storing two million pilfered passwords” (article from Ars Technica)
If you feel that you may have been a victim of a phishing email attack, please contact the DTS Help Desk at 617-989-4500 or via email at HelpDesk@wit.edu. If you would like to report a phishing email, please forward the message, including the email header information, to firstname.lastname@example.org.