Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Request a Demo

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Request a Demo
Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP

Look What I Found: It's a Pony!

Change theme to light Look What I Found: It's a Pony!
1 Minute Read by Anat (Fox) Davidi

Every once in a while we get to peek into the lion's den, this time we'll be checking out a fairly large instance of the Pony botnet controller, containing a large amount of stolen credentials and other goodies.

Pony, for those of you who have not yet had the pleasure of encountering it, is a bot controller much like any other: It has a control panel, user management, logging features, a database to manage all the data and, of course, statistics. It also seems to be doing these things right, as it appears to be popping up quite a bit lately.

This Pony, version 1.9as they tend to be these days, was a particularly diligent one and within a few days hundreds of thousands of credentials were stolen from its victims:

8057_15686519-1414-4513-9942-7fcdfff69b2d
Stolen Passwords by Day

8141_19a8b0e5-06bb-4654-8dc5-8bd458b27f8d
Breakdown of StolenCredentials per Browser, E-mail Client, and Domain

You may not think it by looking at these fairly professional statistics that wouldn't put a dignified piece of software to shame, but Pony's main business still remains theft: stolen credentials for websites, email accounts, FTP accounts, anything it can get its hands on- grabbed and reported back home.

It seems only fair, then, that we judge this Pony in numbers, so here they come…

A total of nearly 650,000 website credential stolen, with the top sites being:

~90,000 credentials for Facebook accounts

~25,000 credentials for Yahoo accounts

~20,000 credentials for Google accounts

.. And many more with lower individual numbers, but still amounting to the remaining 515,000 accounts.

Next in numbers were email accounts, with 17,000 compromised.

And for the frosting on these credential cake are 7,000 stolen FTP credentials.

It's a dangerous world out there; this is a single instance of a single botnet controller showing some pretty big numbers… Watch yourselves, and keep an eye out for those random ponies running around.

Customers of Trustwave Secure Web Gateway version 11.0 with the new Trojan Detection feature are protected against such bot communication.

I would like to thank my colleague, Daniel Chechik, for his help with the research put into this blog post.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Lessons from a Honeypot with US Citizens’ Data
2024 Trustwave Risk Radar Report: Cyber Threats to the Retail Sector
Hooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo