The Pony botnet malware has been around for a while but continues to cause problems and is moving into new areas.
Researchers from Trustwave have revealed on the company's blog that Pony malware has stolen the login credentials and digital wallets of thousands of people over a four-month period.
This is the first time that widespread Pony malware has been found to steal digital wallets and currency. The currencies stolen include BitCoins, LiteCoins, FeatherCoins and 27 others with a value estimated at $330,000 at the time of discovery. The botnet has also stolen over 700,000 login credentials including 600,000 for websites and 100,000 email accounts.
There are obvious attractions in targeting virtual currencies: firstly, they contain money, and secondly, BitCoin transactions -- by design -- cannot be reversed. Once money is transferred out of your virtual wallet there's nothing you can do. There's no authority you can contact to reverse the transaction or freeze your account.
Trading information is also open, so anyone can examine the history of a virtual wallet, though the identity of the owner remains unknown. The net result of all this is that stealing virtual currencies is much easier than stealing from a bank. Exchanging for hard currency via a trading website is just another transaction, and by the time it occurs any connection to the original owner of the BitCoins is gone.
Once an attacker has the wallet.dat file containing the private key, he becomes just as much the owner of the wallet as its original creator. Of course, the wallet file can be protected with a password, but it seems that many users don't bother to do this.
If you’re worried that your BitCoin wallet may have been compromised, Trustwave has set up a website where you can enter your public key to check. There's also a site where you can enter your email address to check for compromised credentials.