Pony botnet plunders 650,000 web logins in days, Trustwave reports

Stats pulled from C&C server

Security firm Trustwave has discovered a Russian command and control server for the Pony botnet that has managed to plunder the Web credentials of 650,000 victims in a matter of days.

The bot's purpose is to compromise the PCs of its victims, keylogging their account names and passwords, the more the merrier. It's not fussy which logins it steals either.

Using statistics from the bot controller's web interface, the firm found that it had stolen 278,000 from Firefox users, 212,000 from Chrome, and 117,000 from Internet Explorer.

It had also nabbed another 14,500 from Outlook, 1,000 from Windows Live Mail, 16,000 from Facebook, 35,000 from Yahoo, 28,000 from Google, and 12,000 from Twitter as well as logging 7,000 potentially valuable FTP accounts.

"It's a dangerous world out there; this is a single instance of a single botnet controller showing some pretty big numbers," said Trustwave's lead security researcher, Arseny Levine.

"Not knowing how these machines got infected in the first place, it's hard to say whether it was targeting specific businesses, business sizes, or if it was targeting businesses at all."

Most of the victims were in Asia, Trustwave said, with the top domains being Russia, Vietnam, Iran, India and Turkey.

Pony is a relatively unknown botnet among many others but the figures discovered by Trustwave are still impressive for a few days work. Given that this is only one controller among an unknown number, it could be a rising star among botnet.

Tags: Personal Tech, Yahoo, Google, trustwave, security, twitter, Facebook, mozilla

Data volumes making security-log centralisation trickier: ManageEngine

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Security and Control

Protect your users on the web

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.