Pony botnet rides in to steal your bitcoins
4 March, 2014
According to reports, a band of cyber criminals has managed to infect hundreds of thousands of computers with malware that has come to be known as "Pony" in order to steal Bitcoins and other virtual currencies. To date, more than 85 digital wallets have been raided. It is widely believed that the crime ring is still in operation, and the identities of the thieves remain unknown. Attacks using the Pony malware are carried out by a group of infected computers that accept orders from a centralized server.
Pony is a complete, Trojan-based botnet package. It contains a control panel along with logging features, user management, and a database in which stolen data is stored. Once installed, it maintains a connection to the command-and-control server in order to exfiltrate sensitive data.
What sets Pony apart from other credential-stealing malware is that it combines two particularly vicious components: a scanner and a keylogger. The scanner searches installed software for stored passwords and extracts them. At the same time, the keylogger continually watches for passwords being typed into any program. For instance, the malware will search your email clients, browsers, and other software for saved passwords. Additionally, it monitors your web traffic whenever you log in to a website and attempts to capture your credentials for those sites. Pony will continue to locate and exfiltrate passwords until the infection is removed.
The stolen information included more than 700,000 credentials, among them log-in details for email, FTP, and website accounts. Log-ins for Google, Facebook, and Twitter may have been stolen as well. As many as 200,000 people are thought to have fallen victim to the malware. The total amount stolen in the attacks is equivalent to about $220,000. Taking place primarily between September and mid-January, the attacks appear to have focused on wallets that were unencrypted.
While the Pony botnet attack is the largest theft of its kind, it is hardly the only one. Over the course of the last year, the number of cyberattacks involving Bitcoins has steadily increased, largely in step with the virtual currency's meteoric rise in popularity. The infections were concentrated in Europe, with the majority located in Poland, Italy, Germany, and the Czech Republic.
What can you do to protect yourself from the Pony botnet or similar viruses? Begin by changing your passwords. While you are at it, change the password to any other accounts for which you may have used the same password.
While the Pony botnet is quite malicious, there are some steps you can take to protect yourself. First, make sure you are using the highest quality antimalware and antivirus software available. Ideally, the software you use should offer heuristic detection that identifies malware by its behavior rather than by signatures alone.
It is also important to pay careful attention to how you interact online. Never visit unknown sites unless you have thoroughly researched them and know they are safe. Also, make it a habit never to open unknown attachments or click suspicious links. Keep in mind that one of the primary ways Pony spreads is through email. If you are not expecting an email that contains an attachment or link, simply do not open it. Also, make sure you have an email security solution in place that analyzes inbound content and filters out attachments or links to malware.
You should also make certain your computer is kept up to date with all recent patches. All it takes to become infected by Pony is to visit a website that has been compromised to serve the malware. This type of drive-by download can easily exploit an out-of-date browser plug-in. Ensure that all of the software you use is always updated. You might also consider using an online security solution that analyzes web pages and helps remove malware.
Finally, make sure you use passwords that are both unique and complex. While a unique, strong password would not by itself protect you from malware such as Pony, analysis of the fallout from the attack revealed that a high percentage of those affected had passwords that were far too easy to guess and reused them across various accounts.
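As an added example (not code from the original article), the following Python audit runs over a constructed credential list and flags the two problems the fallout analysis pointed to: passwords reused across accounts and passwords that are easy to guess. The sample data, the length threshold and the list of common passwords are illustrative assumptions, not figures from the report.

```python
"""Credential-reuse audit over a constructed sample export.

Added example, not code from the article: flags passwords shared across
accounts and passwords that are trivially guessable.
"""
from collections import defaultdict

# Constructed sample entries (service, username, password) for illustration only.
SAMPLE_CREDENTIALS = [
    ("mail.example", "alice", "Summer2013!"),
    ("ftp.example", "alice", "Summer2013!"),
    ("social.example", "alice", "Summer2013!"),
    ("wallet.example", "alice", "correct-horse-battery-staple-42"),
    ("shop.example", "bob", "password"),
    ("bank.example", "bob", "Tr0ub4dor&3"),
]

# Tiny constructed list of very common passwords; a real audit would use a large corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "bitcoin"}

# Assumed minimum length for the audit; adjust to local policy.
MIN_LENGTH = 12


def password_weaknesses(pw):
    """Return the reasons a password is easy to guess (empty list if none found)."""
    reasons = []
    if pw.lower() in COMMON_PASSWORDS:
        reasons.append("common password")
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])
    if classes < 3:
        reasons.append("fewer than 3 character classes")
    return reasons


def audit(credentials):
    """Group accounts by password; return (reused, weak) findings.

    reused: password -> list of accounts sharing it (only passwords used more than once)
    weak:   account  -> list of weakness reasons (only accounts with at least one)
    """
    by_password = defaultdict(list)
    for service, user, pw in credentials:
        by_password[pw].append(f"{user}@{service}")
    reused = {pw: accts for pw, accts in by_password.items() if len(accts) > 1}
    weak = {}
    for pw, accts in by_password.items():
        reasons = password_weaknesses(pw)
        if reasons:
            for acct in accts:
                weak[acct] = reasons
    return reused, weak
```

Running `audit(SAMPLE_CREDENTIALS)` reports the one password alice reused on three services and marks every account except the wallet as weak.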