Ponmocup: a giant hiding in the shadows

This report describes the results of an extensive study of the Ponmocup botnet. It provides a complete timeline and unique insight into the modus operandi of the Ponmocup operation and describes the important details of the malware.


The whitepaper ‘Ponmocup – A giant hiding in the shadows’ describes the results of an important study Fox-IT conducted of the Ponmocup botnet. The report provides a complete timeline and unique insight into the modus operandi of the operation around Ponmocup and describes all the important details of the malware, including as yet unknown indicators of compromise, at both host and network level, of which previous research has only scratched the surface.

Ponmocup, the full story

Ponmocup, first discovered in 2006 as Vundo or Virtumonde, is one of the most successful botnets of the past decade, in terms of spread and persistence. This underestimated botnet is still in active use and under continuous development. Though Ponmocup has received only minimal attention from the security community and is often described as low risk, it is in fact technically sophisticated with extensive functionality.

Ponmocup is believed to be aimed at financial gain. Although it is difficult to quantify the exact amount of money earned with the Ponmocup botnet, it is likely that it has already been a multi-million dollar business for years now.
