The websites themselves, which included Google, Yahoo, Twitter and Facebook, have not been compromised individually or as a group. However, security firm Trustwave says that the virus went undetected by all anti-virus programs for the past 30 to 60 days while it silently sent account usernames and passwords to several servers controlled by a hacking team. Trustwave is unsure of how large the team of hackers is at the time, though they have located one of the servers in the Netherlands.
On the server, they found over two million login usernames and passwords. In total, they located the credentials for 93,000 websites. The breakdown of the majority of what they found is below:
Gmail, YouTube, and Google+ (70,000)
Odnoklassniki (similar to Facebook, but based in Russia, 9,000)
Trustwave has no idea if the hacking group logged into these accounts, but they assume they did as all passwords and emails came unhashed because the virus was a keylogger, not an infection of the website.
Several of the companies have already sent out reset requests to the compromised users, such as Twitter and Facebook. However, Google and Yahoo have yet to take any precautionary steps.
Currently, it’s impossible to tell which computers are infected and which are not since the malicious software went through a proxy server. Trustwave says that while they shut down the first server they found, the project is ongoing, and there are at least two to three additional servers running the keylogging software that are still collecting data from millions of other computer users.
Am I Infected? What Do I Do?
Since the virus is hidden and running in the background of your computer, you’ll need to download a trustworthy antivirus immediately (or update your definitions). In addition, browser patches have been released that counter the virus, so they should be downloaded and installed as well.
It’s especially important you change your password for ADP, as hackers can view your paystubs, social security numbers, and more private details by simply logging into these accounts and downloading your paystub information. Trustwave says they may be even able to modify your payments and take part of your pay as long as they have access to your account. However, changing your passwords on all of your main websites, especially if your virus protection discovers you are infected, is essential.
Unfortunately, this is not the end of this particular virus, so keep your virus definitions up-to-date. In addition, changing your password every few months as a precaution is advised.