
Downloader.Ponik

Posted: November 13, 2012

Threat Metric

Threat Level: 8/10
Infected PCs: 59
First Seen: November 13, 2012
OS(es) Affected: Windows

Downloader.Ponik is a Trojan downloader that currently is being distributed by fake Mtgox websites – criminal phishing sites that imitate the appearance of the real Bitcoin-trading Mtgox.com as much as possible. These fake Mtgox sites distribute Downloader.Ponik as an executable file that is named to make it look like a Bitcoin wallet program, and Downloader.Ponik proceeds to make system changes that enable Downloader.Ponik to download other malware and even steal some types of confidential information from your PC. Education and browser-based anti-malware protection are your two best ways of deflecting Downloader.Ponik's confirmed infection vectors, and SpywareRemove.com malware experts encourage the use of anti-malware software in any case where you have a reason to think that Downloader.Ponik has made it through your defenses.

Downloader.Ponik: the Crook that Uses Currency for Concealment

The Downloader.Ponik attack campaign is closely linked to recent phishing attacks against users of Mtgox.com, a site that's well-known as the single largest Bitcoin-trading domain on the Web. Criminals have set up a series of copycat Mtgox websites under alternate top-level domains such as .NET and .ORG, mirroring the look of Mtgox.com as exactly as they can manage. Besides the difference in the Web address, SpywareRemove.com malware researchers also note that you can identify a Downloader.Ponik-affiliated phishing site by the absence of a Secure Socket Layer (SSL) connection – the encrypted HTTPS protocol that browsers usually indicate with a padlock icon or banner next to the website's URL.

Besides trying to trick victims into giving their Mtgox information away, these sites also will encourage you to download Downloader.Ponik, which is disguised as a Bitcoin-management application. Downloader.Ponik is designed to launch automatically in a concealed fashion and may install any number of other forms of malicious software, according to its configuration and instructions received from the servers that Downloader.Ponik contacts. SpywareRemove.com malware experts also noted that Downloader.Ponik appears to include some limited spyware functions that could allow Downloader.Ponik to steal your passwords and related account information.

Protecting Your Personal Piggy Bank from Downloader.Ponik

If you've visited a Mtgox phishing site and given it any personal information whatsoever, you should work under the assumption that your information is compromised, and all appropriate precautions should be taken. Whether or not your computer shows any obvious signs of being infected with Downloader.Ponik, SpywareRemove.com malware analysts recommend scanning your machine with anti-malware tools after any contact with a fake Mtgox site (or, of course, other malicious websites). Since Downloader.Ponik can install an open-ended set of additional threats, removing Downloader.Ponik as soon as possible is paramount to protecting your computer from related attacks.

Copycat and phishing sites like those used to distribute Downloader.Ponik usually are identifiable through the subtle dissimilarities between them and the sites they attempt to imitate. Always double-check for security features like an SSL (HTTPS) connection before entering personal information, scan suspicious files before opening them, and try to use anti-malware products that include some measure of browser-based security features.
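The two checks the article describes (is the address really the genuine domain, and is the connection over HTTPS) can be turned into a small triage script. The following is an added example written for this page, not code from SpywareRemove.com or from any Mtgox software; it assumes mtgox.com (with its www host) is the only genuine host, and every URL it inspects is constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example: the genuine site the page names
# (mtgox.com) plus its www host. Any other host is treated as unverified.
TRUSTED_HOSTS = {"mtgox.com", "www.mtgox.com"}


def _labels(host):
    """Split a hostname into lowercase DNS labels, dropping a trailing dot."""
    return [p for p in host.lower().rstrip(".").split(".") if p]


def brand_labels(trusted_hosts=TRUSTED_HOSTS):
    """Second-level label of each trusted host ('mtgox'): the name a copycat
    site reuses under another TLD (.net, .org) or inside a longer hostname."""
    return {_labels(h)[-2] for h in trusted_hosts if len(_labels(h)) >= 2}


def assess_url(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (verdict, reasons) for one URL.

    verdict is one of:
      'trusted'   - exact allow-listed host over HTTPS
      'insecure'  - allow-listed host, but the connection is not HTTPS
      'lookalike' - a non-allow-listed host that reuses the trusted name
      'unknown'   - anything else (no verdict either way)
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    https = parts.scheme.lower() == "https"
    reasons = []
    if not https:
        reasons.append("no HTTPS (SSL/TLS) connection")
    if host in trusted_hosts:
        return ("trusted" if https else "insecure"), reasons
    reused = set(_labels(host)) & brand_labels(trusted_hosts)
    if reused:
        reasons.append(
            f"host {host!r} reuses the trusted name {sorted(reused)} "
            "under a different domain")
        return "lookalike", reasons
    return "unknown", reasons


def triage(urls, trusted_hosts=TRUSTED_HOSTS):
    """Map each URL to its verdict; handy for a browser-history or proxy-log export."""
    return {u: assess_url(u, trusted_hosts)[0] for u in urls}


if __name__ == "__main__":
    # Constructed sample addresses, not real sightings.
    sample = [
        "https://mtgox.com/",
        "http://mtgox.com/",
        "http://mtgox.net/wallet.exe",
        "https://mtgox.org/login",
        "http://mtgox.com.login-example.test/",
        "https://example.test/",
    ]
    for url, verdict in triage(sample).items():
        print(f"{verdict:9s} {url}  {assess_url(url)[1]}")
```

The label comparison catches both patterns the article warns about: the same name under a different top-level domain, and the genuine name buried inside a longer hostname. A "trusted" verdict still only means the address and scheme match; the check is a filter for obvious copycats, not proof that a page is safe, so it belongs alongside a scan of any downloaded file rather than in place of one.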
