Pony Botnet
Posted: July 9, 2013
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 1,445 |
| First Seen: | July 9, 2013 |
| Last Seen: | July 13, 2023 |
| OS(es) Affected: | Windows |
The Pony botnet is a loose collection of PCs compromised by affiliated backdoor Trojans and spyware, which have proven so effective that, in less than a week, they managed to steal the account login data of over half a million separate victims. The Pony botnet attacks are fairly indiscriminate about which applications they harvest login information from: they target most brands of Web browsers and e-mail clients, and also include some generalized data-recording functions that aren't tied to any specific program. To keep your own information from being stolen by the Pony botnet, SpywareRemove.com malware researchers encourage all appropriate anti-malware strategies, including blocking, disabling and removing Pony botnet Trojans from your PC with suitable anti-malware software.
Why the Pony Botnet Isn't Exactly Your Little Pony
Less a vehicle of transportation for you than a transfer mechanism through which criminals can steal your private information, the Pony botnet has had only a limited number of Command & Control servers confirmed thus far, but it is already showing huge numbers of successful attacks, all tracked with professionally managed statistics. Currently, the Pony botnet's C&C interface is displayed in Russian, but its attacks are far too widespread (hundreds of thousands, at current estimates) to be confined to that region alone, and most likely are affecting the majority of first-world countries and regions, such as the US, Europe, Canada and Australia.
On the victim's end, the primary component of the Pony botnet is a spyware program that includes keylogging functionality. Keyloggers can record your keyboard input and transfer the data – usually in the format of a text log – to a central server, where criminals peruse it for passwords, account numbers and other data worth plundering. Pony botnet spyware also includes many functions for targeting a broad range of popular programs, and SpywareRemove.com malware experts have put together the following list of examples:
- FTP clients like FFFTP or TurboFTP.
- Web browsers like Google Chrome, Internet Explorer, Firefox or Opera.
- E-mail clients like Incredimail, Outlook and Windows Live Mail.
- Specific websites, such as Facebook, Twitter, Yahoo and Google.
Although the Pony botnet spyware can steal other types of information, the criminals behind the Pony botnet campaign appear to be especially interested in compromising any online accounts by stealing passwords, e-mail addresses, user login names and similar data. The infection vector for the Pony botnet has yet to be identified – a fact that worries SpywareRemove.com malware experts and should worry you, as well, considering the hundreds of thousands of victims the Pony botnet already has tallied in a very short time period.
Getting a Fast Ticket Off the Pony Botnet Ride
The Pony botnet campaign is serviced by multiple C&C servers and does appear to be undergoing ongoing development – as indicated by its current version number of 1.9. As an active and non-negligible assault on your privacy and the safety of your PC, the Pony botnet should be considered a high-level PC threat, and SpywareRemove.com malware experts recommend the use of appropriate anti-malware tools for detecting or deleting Pony botnet spyware.
Trojans related to the Pony botnet may be identified by various aliases, such as a variant of PWS:Win32/Fareit, a family of password-stealing spyware that can also use your computer's resources to perform DDoS attacks. DDoS attacks create floods of artificial traffic that force targeted websites to crash, and may also cause some performance issues for the user of the infected PC.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
Registry Modifications
Regexp file mask:
- %APPDATA%\hgftvcxzwsiklon.exe
- %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\netfile.vbe
- %APPDATA%\netfile.exe
- %AppData%\Pony.exe
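A defender-side check built from the file masks listed above, as an added example that is not part of the original page or of SpyHunter's tooling: it matches file paths from an endpoint inventory against the four masks and flags hits that sit in the per-user Startup folder. The two profile layouts assumed for %APPDATA%, the function names and the sample paths are assumptions made for illustration.

```python
import re

# File masks exactly as listed on this page under "Regexp file mask".
PAGE_MASKS = [
    r"%APPDATA%\hgftvcxzwsiklon.exe",
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\netfile.vbe",
    r"%APPDATA%\netfile.exe",
    r"%AppData%\Pony.exe",
]
# Assumption: %APPDATA% is the per-user roaming profile folder, in either the
# Vista-and-later layout or the XP-era layout.
APPDATA_DIR = (
    r"[a-z]:\\(?:users\\[^\\]+\\appdata\\roaming"
    r"|documents and settings\\[^\\]+\\application data)"
)
PREFIX = "%APPDATA%"

def compile_mask(mask):
    """Turn one %APPDATA% mask into a case-insensitive full-path regex."""
    if mask[:len(PREFIX)].upper() != PREFIX:
        raise ValueError("unsupported mask: " + mask)
    tail = re.escape(mask[len(PREFIX):])  # literal remainder, '.' escaped
    return re.compile(APPDATA_DIR + tail, re.IGNORECASE)

COMPILED = [(m, compile_mask(m)) for m in PAGE_MASKS]

def scan(paths):
    """Return (path, matched mask, in_startup_folder) for every hit."""
    hits = []
    for raw in paths:
        path = raw.strip().strip('"').replace("/", "\\")
        for mask, rx in COMPILED:
            if rx.fullmatch(path):  # whole path must match, not a substring
                # A file in the Startup folder is launched at user logon.
                hits.append((raw, mask, "\\startup\\" in mask.lower()))
                break
    return hits

# Constructed sample paths (user names are made up), e.g. from an EDR export.
SAMPLE = [
    r"C:\Users\alice\AppData\Roaming\Pony.exe",
    r"c:\users\bob\appdata\roaming\microsoft\windows\start menu\programs\startup\NETFILE.VBE",
    "C:/Users/carol/AppData/Roaming/netfile.exe",
    r"C:\Documents and Settings\dave\Application Data\hgftvcxzwsiklon.exe",
    r"C:\Users\alice\AppData\Roaming\tools\netfile.exe",  # subfolder: no hit
    r"C:\Users\alice\AppData\Local\Pony.exe",             # Local: no hit
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

These four names cover only the files listed on this page, so an empty result does not rule out a sample that uses other file names.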