In December of 2013 security researchers from Trustwave's SpiderLabs found that about 2 million account credentials had been stolen by cybercriminals with the help of a botnet called Pony. Experts report that in addition to account authentications, Pony has also been used to steal virtual currencies.
Cybercriminals managed to steal over 700.000 credentials in total, 600.000 of which are for websites, 100.000 for email accounts, 16.000 for FTP servers, 900 for SSH, and 800 for connections Remote desktop. This data was stolen between September 2013 and mid-January 2014.
Based on the data they received from the attack control panel, experts concluded that four months after the theft of information, cyber criminals decided to stop PonyBot.
Most of the credentials have been stolen from Germany (41.177), Poland (17.214), Italy (15.672), Czech Republic (14.835), Bulgaria (7.063), France (5.513), Croatia (4.725) Peru (4.616), India (2.761) and Vietnam (2.234).
Around 80.000 accounts on Facebook have been affected, followed by domains accounts.google.com (13.740), nk.pl (13.169), seznam.cz (11.712), profile.wp.pl (8.036), abv.bg ( 6.589), yahoo.com (6.554), szn.com (6.175), google.com (5.842), and pl-pl.facebook.com (3.974).
The Pony botnet has also been used to target Bitcoins and other virtual coins. Experts have found that cyber criminals get 220000 dollars from these violations.
In addition to Bitcoin, the Crime Preference list also includes Litecoin, Feathercoin, Fastcoin, Bytecoin, Namecoin, Mincoin, Zetacoin and many others.
Due to the high value of Bitcoin, the attackers did not need to breach a large number of wallets. From the access they acquired only on 85 wallets, they managed to steal 355 Bitcoins, 280 Litecoins, 33 Primeoins and 46 Feathercoins.
It is known that if someone empties your wallet, there is nothing you can do about it.
