SECURITY FIRM Trustwave has discovered evidence of a Pony malware infection that has snarfed credentials from social media websites including Facebook and Twitter.
Trustwave covered the identity theft campaign on its Spiderlabs blog. The bloggers reckoned that the Pony attack was aimed at users in Russia and was rather effective.
The firm said that since the Pony malware code was released it has seen a number of instances. This one, it added, has compromised as many as two million accounts at websites including Google, Twitter, Facebook and Linkedin.
The accounts have been compromised in a variety of ways, and the majority, about 1,580,000 of them, were website login credentials. Also taken were email account, FTP, remote desktop and Secure Shell (SSH) account credentials.
"In comparison to the last instance of Pony that we talked about, with statistics that looked like a hit-and-run operation, this one spiked at the beginning but was otherwise fairly stable and consistent in its daily 'revenue'," wrote the firm.
"As one might expect, most of the compromised web log-ins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter, Linkedin, etc."
It described the presence of a couple of Russian destinations as "notable", adding that this "probably indicates that a decent portion of the victims compromised were Russian speakers".
It appears that the compromised account information was bounced through services in the Netherlands, and Trustwave said that affected users could be found across the globe.
Many of the compromised users had woefully bad passwords, and the most common one was "123456". Also popular were "123456789", "1234" and of course "password". Far too many used "admin" as a login, and over 1,000 used "11111".
Trustwave has analysed the password list and found, reassuringly, that 44 percent could be described as medium strength. Bad passwords accounted for just over a quarter, while just five percent were excellent. Six percent were terrible and four characters or fewer.