Fox-IT writes in a blogpost Ponmocup – A giant hiding in the shadows: Ponmocup, first discovered in 2006 as Vundo or Virtumonde, is one of the most successful botnets of the past decade, in terms of spread and persistence. The reasons why this botnet is considered highly interesting are that it is sophisticated, underestimated and is currently largest in size and aimed at financial gain.
This underestimated botnet is still in active use and under continuous development. Having established that Ponmocup’s primary goal is likely financial gain, it is interesting to look at its size. Fox-IT has determined that it has infected a cumulative total of more than 15 million unique victims since 2009. At its peak, in July 2011, the botnet consisted of 2.4 million infected systems, which as far as botnets go, is huge. Since then, the botnet has shrunk in size and is currently stable at around 500,000 active infections, as shown below: