In our previous episode of "Look What I Found" we detailed our discovery of a humongous instance of a Pony botnet controller that stole credentials for approximately two million websites, social networks, e-mails and other types of accounts.
We recently discovered yet another instance of a Pony botnet controller. Not only did this Pony botnet steal credentials for approximately 700,000 accounts, it’s also more advanced and collected virtual currencies such as Bitcoin (BTC), Litecoin (LTC), Feathercoin (FTC) and 27 others, worth approximately $220,000 at the time of writing (all values in this post are in U.S. dollars).
According to our data, the cyber gang operating this Pony botnet was active between September 2013 and mid-January 2014. In this ~4-month period, the botnet managed to steal over 700,000 credentials, distributed as follows:
~600,000 website login credentials stolen
~100,000 email account credentials stolen
~16,000 FTP account credentials stolen
~900 Secure Shell account credentials stolen
~800 Remote Desktop credentials stolen
We’ll get back to these numbers later on in this post. To start, we want to focus on the Pony upgrade and virtual currencies.