Trojan “Pony” Hits Bitcoin – Understand Online Theft and Protect Yourself

By d70focus.Sgarrigan at en.wikibooks [CC-BY-SA-2.5 (], from Wikimedia Commons

By d70focus.Sgarrigan at en.wikibooks [CC-BY-SA-2.5 (], from Wikimedia Commons

The recent news of the “Pony” botnet spread out to steal virtual currencies is a big blow to the slowly flourishing virtual or electronic money. According to security firm Trustwave, cyber criminals have successfully infected thousands of computers in what can be considered as the most ambitious offensive aimed at virtual currencies discovered.

Never mind that Bitcoin itself is also in trouble with Mt. Gox, a prominent bitcoin exchange, announcing that “decision was taken to close all transactions for the time being.” What matters more this time, in view of the reported threats to virtual currency, is the need to adopt security measures to avoid becoming a victim of online theft and fraud.

How do you protect yourself from online theft and fraud? Are there effective ways to make yourself impervious to cyber criminal attacks who tend to become more resourceful, ingenious, and creative with their attacks?

These simple but very effective first-line-of-defense tips should be useful:

1. Think before you click.

Many of the viruses or malware spread worldwide are the result of indiscriminate clicks. Without minding the links they click, people online facilitate the infection of a computer and the further spread of malware as they unwittingly click on “OKs” and “Yeses.” It is important to be sure of what you are clicking online. Viruses, spyware, or keyloggers don’t simply install themselves on computers without the owner allowing it.

2. Always use complex passwords and change passwords every once in a while.

Thankfully, sites nowadays require those who set up accounts to use passwords that include numbers or combinations of uppercase and lowercase letters. This helps in encouraging better online security. However, it is still important to mindfully create passwords that are not easy to guess. Birthdays, ZIP codes, and typical combinations like 123456 or series of similar numbers should be avoided.

Additionally, it is advisable to change passwords periodically. If you have been using the same password from the time you created an account, the likelihood of falling prey to online theft and fraud certainly increases. Quarter, semi-annual, or even bimonthly password modifications would be great.

3. Ascertain connection or network security when accessing your online accounts.

If you are connecting to your online banking account or if you are accessing PayPal and other online fund transfer services, be sure that you are accessing them through a secure connection. Look at the address bar of your web browsers. The websites should be loaded with “https” at the start, not the typical “http.”

Also, avoid accessing your online accounts through free Wi-Fi networks. They are unlikely to be safe. As much as possible, don’t access your important online accounts using public computers or using your own computer but connecting through a free Wi-Fi network. There have been software particularly created to snoop passwords and other important information from those who access the Internet through Wi-Fi connections.

Photo: Harland Quarrington/MOD [see page for license], via Wikimedia Commons

Photo: Harland Quarrington/MOD [see page for license], via Wikimedia Commons

4. Make sure you always have a reliable antivirus defending your computer.

The security or protection software that comes with the laptop or desktop computer you buy may not be enough. Always make sure that you have antivirus and anti-malware software. You can use free ones since they are generally reliable enough.

5. Learn to regularly update your software.

If your operating system, be it on your desktop computer or your mobile device, should be updated when there are updates available. Updates are not unimportant and should be given due attention. Often, they are released to fix bugs and plug security issues. You have to have them as soon as they are available.

Also, you need to make sure that your antivirus or anti-malware software is regularly updated. These software rely on databases to properly detect and prevent threats. If the databases are not updated or if the software itself is not updated, you cannot expect adequate protection.

6. Always secure your mobile phone or other mobile devices especially if you are using them in accessing your money or online accounts.

Mobile devices are generally personal devices exclusively used by just one user. That’s why it makes sense locking them with passwords or pattern locks. They should not be easily accessible for anyone since they are capable of storing a lot of information, including usernames and passwords to certain online accounts.

7. If you really need to use some public computer to access your online accounts, try these techniques to trick keyloggers.

Most keyloggers record keystrokes sequentially, in a chronological order. If you suspect that a computer has a keylogger in it, you can fool its logging activity by changing the way you input your passwords. For example, you can input the last five characters first then input the first three (before the last five characters, of course), and insert the middle characters. You can also enter a long string of letters and numbers and remove the unnecessary characters to be replaced by the real characters of your password.

By Qihoo ( [GFDL ( or CC-BY-3.0 (], via Wikimedia Commons

By Qihoo ( [GFDL ( or CC-BY-3.0 (], via Wikimedia Commons

If you are one of those who hoped for the more widespread adoption of the bitcoin virtual currency, you are likely disheartened hearing upon hearing the unfavorable news about it. However, it should serve as a reminder to be more cautious with your online accounts and your manner of accessing and using your online money and other assets. It should be a reminder of how even the supposedly open source and reliable Bitcoin system can be attacked by concerted efforts to breach security online.