Trustwave said on Monday that it has found evidence that the
operators of a cybercrime ring known as the Pony botnet have stolen
some 85 virtual "wallets" that contained bitcoins and other types of
digital currencies. The firm said it did not know how much digital
currency was contained in the wallets.
"It is the first time we saw such a widespread presence of this type
of malware. It was on hundreds of thousands of machines," said Ziv
Mador, security research director with Chicago-based Trustwave.
Trustwave said it believes the crime ring is still operating, though
it does not know who is running the group. The company said it has
disrupted the servers that were controlling machines infected with
Pony, but expects the group to launch more attacks on virtual
A representative for the Bitcoin Foundation, a trade group that
promotes adoption of the virtual currency, advised bitcoin users to
store their currency offline in a secure location to prevent cyber
criminals from stealing it.
"Electronic wallet security continues to improve by leaps and bounds
as hardware wallets become available and we start to see software
wallets that support multi-signature transactions," said the Bitcoin
Foundation's director of public affairs, Jinyoung Lee Englund.
Trustwave's discovery comes after an unrelated cyber attack that
spammed bitcoin exchanges earlier this month. That attack prompted
at least three online virtual currency traders to halt withdrawals,
causing bitcoin's value to plunge 33 percent over three weeks.
Bitcoin is a digital currency sustained by software code written by
an unknown programmer or group of programmers. It is not governed by
any one company or person, and its value is determined by user
People who buy digital currency can store it in virtual wallets on
their own machines or with companies that offer storage and security
Mador said digital currency theft is still in its infancy, but that
it is likely to grow. He said that digital currency buyers can
protect themselves from hackers by using encrypted files.
"Most websites don't encrypt them by default, but you can turn them
on," he added.
Botnets are collections of infected computers that take orders from
central "command and control" servers. The botnets steal data from
compromised PCs and can also deliver other types of malware that
force them to perform tasks.
This is at least the third type of fraud to surface involving
digital currencies. Criminals have previously hacked into
marketplaces where digital currencies are traded by exploiting
security flaws in those sites, then stealing those currencies,
according to Trustwave. (http://bit.ly/1hphzRj)
Cyber criminals have also developed botnets that force enslaved
computers to create, or "mine", digital currencies, which the
fraudsters then claim as their own.
Bitcoin mining is a time-consuming process in which computers
perform complex math calculations. The operators of those botnets
are stealing electricity and data center resources when they use
compromised machines to mine digital currencies.
Trustwave in December uncovered a trove of some 2 million stolen
passwords to websites including Facebook Inc, Google Inc, Twitter
Inc and Yahoo Inc while probing a command and control server using a
less sophisticated version of the Pony malware.
Trustwave said on Monday that the new version of Pony compromised
another 600,000 website credentials.
(Users can go to these Trustwave sites to check if their bitcoin
wallets and credentials have been stolen:
(Additional reporting by Emily Flitter in
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.