Pony, for those of you who have not yet had the pleasure of encountering it, is a bot controller much like any other: it has a control panel, user management, logging features, a database to manage all the data and, of course, statistics. It also seems to be doing these things right, as it appears to be popping up quite a bit lately.
This Pony, version 1.9 as they tend to be these days, was a particularly diligent one and within a few days hundreds of thousands of credentials were stolen from its victims.
Breakdown of stolen credentials per browser, e-mail client, and domain:
You may not think it by looking at these fairly professional statistics that wouldn’t put a dignified piece of software to shame, but Pony’s main business still remains theft: stolen credentials for websites, email accounts, FTP accounts, anything it can get its hands on, all grabbed and reported back home.
A total of nearly 650,000 website credentials were stolen, with the top sites being:
- ~90,000 credentials for Facebook accounts
- ~25,000 credentials for Yahoo accounts
- ~20,000 credentials for Google accounts
Arseny Levine, Lead Security Researcher at Trustwave.