Cybersecurity Alerts: Weekly Update for December 4th
The Ponmocup Botnet is an advanced threat that has been frequently used since it first appeared in 2006. The threat’s main purpose is to steal financial information and assets from its victims. The botnet has been identified in many different scenarios, including ad fraud, data theft, and downloaded threats. While Ponmocup has historically maintained a low profile, it has recently gained new attention because its operators have invested significant time and resources into the botnet’s development, making it very difficult to eradicate. Because Ponmocup uses several different methods to deliver, install, execute and control malware, researchers have been unable to fully analyze its scope.
We covered the CryptoWall 4.0 ransomware a few weeks back in an earlier security alerts post, but we’re back for an update. Security researchers have recently discovered that this threat is spreading via a drive-by download campaign. The newest version of this threat is embedded into the Angler exploit kit and attempts to convince victims to purchase a $700 software kit using veiled threats, as opposed to demanding direct payment from the user. Once the software kit is downloaded, the victim’s system is scraped for usernames and passwords, which are then used to expand the attack campaign and inject malicious scripts throughout the network. The message is clear: never download software or computer programs from an unknown source, even if the source and/or programs appear to be legitimate.