the great heist

Dave Davison
SilverLounger
Posts: 1852
Joined: 27 Jan 2010, 19:15
Location: Darlington, Co. Durham. UK

the great heist

Post by Dave Davison »

Ran this past an administrator for approval as to be forewarned is to be forearmed. http://www.ehow.com/ehow-tech/blog/russ ... ame-and-pa What a pity the likes of these guys don't put their expertise to good use for the benefit of others. Cheers Dave

HansV
Administrator
Posts: 78493
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: the great heist

Post by HansV »

Thanks, Dave. Excellent tips in that article that everyone should heed.
Best wishes,
Hans

Rudi
gamma jay
Posts: 25455
Joined: 17 Mar 2010, 17:33
Location: Cape Town

Re: the great heist

Post by Rudi »

Спасибо Dave
Полезная информация
[Russian: "Thank you, Dave. Useful information."]
Regards,
Rudi

If your absence does not affect them, your presence didn't matter.

Claude
cheese lizard
Posts: 6241
Joined: 16 Jan 2010, 00:14
Location: Sydney Australia

Re: the great heist

Post by Claude »

shouldn't this be
Dankie Dave
nuttige inligting
[Afrikaans: "Thank you, Dave. Useful information."]
Cheers, Claude.

Rudi
gamma jay
Posts: 25455
Joined: 17 Mar 2010, 17:33
Location: Cape Town

Re: the great heist

Post by Rudi »

That's just as good. Dankie Claude!

:whisper: Now, before this thread turns into a pirate copy of Thank you Dave in multiple languages, I think Smiley can say it in a universal language... :thankyou:
Regards,
Rudi


BobH
UraniumLounger
Posts: 9287
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: the great heist

Post by BobH »

Rudi wrote:Спасибо Dave
Полезная информация
[Russian: "Thank you, Dave. Useful information."]

So! You were in on it, eh Rudi?

:evilgrin:
Bob's yer Uncle
(1/2)(1+√5)
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs

Rudi
gamma jay
Posts: 25455
Joined: 17 Mar 2010, 17:33
Location: Cape Town

Re: the great heist

Post by Rudi »

Da!
Regards,
Rudi


BobH
UraniumLounger
Posts: 9287
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: the great heist

Post by BobH »

OK.

I read the web page and learned virtually nothing. The warnings about practicing 'safe internet' were motherhood and apple pie. We do all those things.

What I would like to know are the following:
1) How can I tell if my machine has been turned into a bot?
2) Did MSE detect and block the malware?
3) What web sites were hacked by the bots? What majors (Amazon, et al) were hit?
4) What should a user do? I can change all my passwords, but is that enough?

Why didn't the authors address these issues (and others that I probably overlooked)?
Bob's yer Uncle

HansV
Administrator
Posts: 78493
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: the great heist

Post by HansV »

Probably because not much information is available. Here is the original article from the company that discovered the theft: YOU HAVE BEEN HACKED!
Best wishes,
Hans

stuck
Panoramic Lounger
Posts: 8176
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: the great heist

Post by stuck »

HansV wrote:...the company that discovered the theft...
I'm probably wrong but that site doesn't feel right to me. Discovering this massive theft seems to be the only thing they've done and their contact us page is a bit thin. Surely a bona fide security company would have more to it than this?

Their whois is at:
http://who.godaddy.com/whoischeck.aspx? ... CURITY.COM
but if I read it right this is a front for another company called 'DomainsByProxy.com':
http://who.godaddy.com/whois.aspx?domai ... yproxy.com
Why hide?

Ken

HansV
Administrator
Posts: 78493
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: the great heist

Post by HansV »

I dunno, but all articles about this theft point back to Hold Security... :shrug:
Best wishes,
Hans

viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: the great heist

Post by viking33 »

BobH wrote:OK.

I read the web page and learned virtually nothing. The warnings about practicing 'safe internet' were motherhood and apple pie. We do all those things.

What I would like to know are the following:
1) How can I tell if my machine has been turned into a bot?
2) Did MSE detect and block the malware?
3) What web sites were hacked by the bots? What majors (Amazon, et al) were hit?
4) What should a user do? I can change all my passwords, but is that enough?

Why didn't the authors address these issues (and others that I probably overlooked)?
This is from a Comcast site but should be relevant.
------------------------------
A number of signs can tell you if your computer may be infected with a bot, including:

Undelivered email notifications in your inbox to unknown email addresses. Bots will frequently use email accounts to send out spam. Spam to unknown email addresses will result in a “failure to deliver” notification in your inbox.
Suspicious email account activity. Bots create multiple email addresses in your email account. If you notice additional email addresses in your account that you didn’t create, you may have an infected computer.
Multiple toolbars on your Internet web browser. Bots will frequently install various toolbars to help collect search information from your web browser.
Unusual error messages. Error messages that suggest applications cannot run or drives cannot be accessed can be indications of a bot infection.
------------------------
I post this because my email was hacked a few months ago by some location in China and I started to get those undelivered email notifications. Maybe five or six a day but enough for me to notice them. I checked the addresses by clicking on view source in the other actions drop down of Thunderbird. I forget the actual town\city name but it was in China. I had to change my email password to a "stronger" one and they have since stopped.

A lot of other info on BOTS and prevention of same if you Google "BOT detection."
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.

Jay Freedman
Microsoft MVP
Posts: 1318
Joined: 24 May 2013, 15:33
Location: Warminster, PA

Re: the great heist

Post by Jay Freedman »

The eHow article that Dave cited mentioned creating strong passwords only once, but other articles I've seen about "the big heist" go on about it at length. While it's a good thing to use strong passwords, it wouldn't have done anything at all to stop this particular exploit.

The Russians weren't hacking one user at a time and breaking their passwords. Instead, they hit the servers of lots of web sites, and either found ones that were storing user data unencrypted or managed to break the site's encryption keys. Once they had that, it wouldn't matter how strong the users' passwords are.
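
The server-side storage point in the post above, as an added example that is not part of the original thread or written by any poster: it compares what a copy of a site's account table reveals when passwords are stored as typed versus as salted PBKDF2 digests. The account names, passwords, guess list and iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this demo; tune for real hardware

# Constructed sample accounts: one weak password, one strong generated one.
USERS = {"alice": "password1", "bob": "vT9#qLm2!xR7zKp4"}
# Constructed list of common passwords, standing in for a guessing dictionary.
COMMON = ["123456", "password1", "letmein"]

def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Constant-time check of a login attempt against a stored record."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def plaintext_table(users):
    """The weak design: the site stores passwords exactly as typed."""
    return dict(users)

def hashed_table(users):
    """The hardened design: the site stores only a per-user salt and digest."""
    return {name: hash_password(pw) for name, pw in users.items()}

def exposed_by_copy(table, common=COMMON):
    """Passwords readable by anyone holding a copy of the stored table."""
    exposed = {}
    for name, record in table.items():
        if isinstance(record, str):      # plaintext: nothing left to protect
            exposed[name] = record
            continue
        salt, digest = record            # hashed: only guessable ones fall
        for guess in common:
            if verify_password(guess, salt, digest):
                exposed[name] = guess
                break
    return exposed

if __name__ == "__main__":
    print("plaintext store:", exposed_by_copy(plaintext_table(USERS)))
    print("hashed store:   ", exposed_by_copy(hashed_table(USERS)))
```

With plaintext storage the strong password is exposed along with the weak one; with salted hashing only the password that appears in the common list is recovered.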

BobH
UraniumLounger
Posts: 9287
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: the great heist

Post by BobH »

Jay Freedman wrote:The eHow article that Dave cited mentioned creating strong passwords only once, but other articles I've seen about "the big heist" go on about it at length. While it's a good thing to use strong passwords, it wouldn't have done anything at all to stop this particular exploit.

The Russians weren't hacking one user at a time and breaking their passwords. Instead, they hit the servers of lots of web sites, and either found ones that were storing user data unencrypted or managed to break the site's encryption keys. Once they had that, it wouldn't matter how strong the users' passwords are.
Yes, I agree, Jay!

I use a program to generate passwords that are very strong by every measure I've found. I never use the same password for any 2 purposes - all are unique. But, they can still be captured by bots and abused.

I am about to go through and change no fewer than 100 passwords, but before I do I should like some assurance that the new ones will not be compromised. There is no way that I know of that this can be done. If someone knows how, please advise. Changing that many passwords is no small task.
Bob's yer Uncle