The whitepaper ‘Ponmocup – A giant hiding in the shadows’ describes the results of an important study Fox-IT conducted about the Ponmocup botnet. The report provides a complete time-line and unique insight into the modus operandi of the operation around Ponmocup and describes all the important details of the malware, including as yet unknown indicators of compromise, both on host and network level, which previous research has only scratched the surface of.
Ponmocup, the full story
Ponmocup, first discovered in 2006 as Vundo or Virtumonde, is one of the most successful botnets of the past decade, in terms of spread and persistence. This underestimated botnet is still in active use and under continuous development. Though Ponmocup has received only minimal attention from the security community and is often described as low risk, it is in fact technically sophisticated with extensive functionality.
Ponmocup is believed to be aimed at financial gain. Although it is difficult to quantify the exact amount of money earned with the Ponmocup botnet, it is likely that it has already been a multi-million dollar business for years now.