The Ponmocup Trojan, which was first known as Vundo or Virtumonde, has claimed around 15 million botnet victims in just 9 years.
This means that the Ponmocup Trojan was able to infect ~1.6 million devices each year and ~4566 devices each day. The report, published by Fox-IT, states that the threat actors are using the Ponmocup Trojan for financial gain.
The same report states that the Ponmocup botnet was at its biggest during July 2011, averaging around 2.4 million infected systems. Since then the botnet has shrunk in size and has remained stable at around 500,000 active botnet victims.
Ponmocup botnet: multi-million dollar business
Fox-IT thinks that the threat actors have a Russian origin. Fox-IT states that the malware framework shows signs of advanced and sophisticated technical skill sets.
There are multiple reasons to assume this is the case. Firstly, their infrastructure is complex, distributed and extensive, with servers for dedicated tasks. Secondly, they operate, maintain and monitor their comprehensive infrastructure with a group of operators and are quickly able to mitigate potential risks that are discovered. Thirdly, the malware itself is sophisticated and aimed at avoiding detection and analysis.