Ponmocup the invisible botnet

Ponmocup: one of the world's most successful, oldest and largest botnets has infected 15 million to date and has looted millions of bank accounts.

We're talking about the Ponmocup botnet, rediscovered by eight Fox IT researchers. They report that in its heyday (2011) the botnet had 2.4 million infected systems under its control, and that it currently controls about half a million systems.

Team Leader Maarten van Dantzig presented their work titled Ponmocup: A Giant Hidden in the Shadows [PDF] at the BotConf conference this week.

Van Dantzig and researchers Danny Heppener, Frank Ruiz, Yonathan Klijnsma, Yun Zheng Hu, Erik de Jong, Krijn de Mik, and Lennart Haagsma report that the botnet, first reported in 2006, has powerful concealment capabilities that make it almost "invisible" and is probably the work of Russian developers.

"Compared to other botnets, Ponmocup is one of the largest that has been active today for nine consecutive years. It is also one of the biggest running, but it is very rare to notice it," says van Dantzig.

"Although it is difficult to quantify the exact amount of money that the Ponmocup botnet has stolen, it is possible that it already has several million dollars."

"Its infrastructure is complex, distributed and extended, with servers running, with exclusive tasks."

Van Dantzig reports that the attackers maintain a comprehensive infrastructure whose quality has been tested over time, are technologically sophisticated with regard to Windows operating systems, and have about 10 years of development experience.

So far, researchers have discovered around 25 unique plug-ins and 4000 variants that show continued growth.

The malware includes anti-analysis tricks and makes clever use of payloads to confuse analysts.

For more technical details read the PDF.


Written by giorgos
