Waledec botnet sweeps web in July 4 campaign

07 July 2009

The team behind the Waledec botnet mounted a new malware campaign over the July 4 weekend that has infected thousands of PCs.

A mass email was sent out inviting people to watch a video of July 4 fireworks celebrations, with subject lines including "America the Beautiful" and "Bright and joyful Fourth of July". It included a link to a website purporting to show videos of the fireworks celebrations, but which was in fact a veiled link to malware.

"The American Pyrotechnics Association has named the South Shores July fireworks show as the best pyrotechnic display in the nation," said the page linked to in the spam mail. The page also included the YouTube logo, and a representation of what looks like a blank YouTube video waiting to be played.

"If you want to see this fantastic show just click on the video below and press 'run'," the text on the botnet page urged. The link downloads the W32.Waledec malware executable.

Various information security vendors picked up the Waledec botnet run. Its approach is similar to the techniques used by the creators of Storm, Waledec's predecessor: the emails are built around holiday events and contain minimal text plus a single link.

Threatfire identified a selection of fast-flux domains that are being used for this Waledec iteration, including 4thfireworkcom, holifireworks.com, and video4thjuly.com.

"Instead of registering these domains through Xin Net Technologies, this time around they were registered through China Springboard, Inc. It is quite likely that this provider will be one to watch for the next few holidays," the company said.
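Fast-flux hosting, as used for the domains above, rotates a hostname's A records across many infected machines with short TTLs so that no single IP is worth taking down. The following is an added illustration (not code from the article or from any vendor it cites) of the simplest defender-side heuristic for spotting such domains in resolver logs: flag a name only when it shows both many distinct IPs and a short TTL. The log lines are constructed for this example, using the RFC 5737 documentation address ranges rather than any real infrastructure; the log format and the `min_ips`/`max_ttl` thresholds are assumptions.

```python
"""Fast-flux heuristic over resolver-style records (added example).

A fast-flux domain resolves to many different IPs over a short period,
each answer carrying a short TTL. Either signal on its own is common in
legitimate traffic (CDNs use low TTLs; stable round-robin sets use many
IPs), so the check requires both. Sample data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: "timestamp domain ttl ip", as a resolver might log it.
# IPs are RFC 5737 documentation addresses, not real hosts.
SAMPLE_LOG = """\
2009-07-04T10:00:01Z holifireworks.com 300 192.0.2.10
2009-07-04T10:05:02Z holifireworks.com 300 192.0.2.45
2009-07-04T10:10:03Z holifireworks.com 300 198.51.100.7
2009-07-04T10:15:04Z holifireworks.com 300 203.0.113.88
2009-07-04T10:20:05Z holifireworks.com 300 198.51.100.200
2009-07-04T10:25:06Z holifireworks.com 300 192.0.2.131
2009-07-04T10:00:07Z video4thjuly.com 180 203.0.113.5
2009-07-04T10:03:08Z video4thjuly.com 180 203.0.113.61
2009-07-04T10:06:09Z video4thjuly.com 180 192.0.2.77
2009-07-04T10:09:10Z video4thjuly.com 180 198.51.100.19
2009-07-04T10:12:11Z video4thjuly.com 180 192.0.2.212
2009-07-04T10:00:12Z example.com 86400 192.0.2.1
2009-07-04T11:00:13Z example.com 86400 192.0.2.1
2009-07-04T10:00:14Z cdn.example.net 60 198.51.100.2
2009-07-04T10:01:15Z cdn.example.net 60 198.51.100.3
"""


@dataclass
class DomainStats:
    distinct_ips: int
    min_ttl: int
    lookups: int


def parse_log(text):
    """Yield (domain, ttl, ip) tuples; skip malformed lines instead of crashing."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, domain, ttl, ip = parts
        try:
            yield domain.lower().rstrip("."), int(ttl), ip
        except ValueError:
            continue


def summarise(records):
    """Aggregate per-domain distinct IP count, lowest TTL seen and lookup count."""
    ips = defaultdict(set)
    ttl = {}
    lookups = defaultdict(int)
    for domain, t, ip in records:
        ips[domain].add(ip)
        ttl[domain] = min(t, ttl.get(domain, t))
        lookups[domain] += 1
    return {d: DomainStats(len(ips[d]), ttl[d], lookups[d]) for d in ips}


def flux_score(stats, min_ips=4, max_ttl=600):
    """True only when a domain shows BOTH many distinct IPs and a short TTL.

    Thresholds are assumed defaults for illustration; tune them per
    environment and allowlist known CDN / large-provider names."""
    return stats.distinct_ips >= min_ips and stats.min_ttl <= max_ttl


def find_fast_flux(text, **thresholds):
    """Return the sorted list of domains in the log that trip the heuristic."""
    stats = summarise(parse_log(text))
    return sorted(d for d, s in stats.items() if flux_score(s, **thresholds))


if __name__ == "__main__":
    for name in find_fast_flux(SAMPLE_LOG):
        print("fast-flux candidate:", name)
```

On the constructed log this flags the two campaign domains and leaves the long-TTL single-IP name and the low-TTL two-IP CDN-style name alone. In practice the distinct-IP count should also be weighted by how many different networks (ASNs) the addresses fall in, since a large legitimate provider can legitimately present many IPs with short TTLs from within its own ranges.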

According to Cisco, the Storm botnet was reborn as Waledec in December 2008. Although the basic structure of the malware and botnet had not changed much, the company said that the business partnerships between the development team and third parties had expanded. There were now links to the team behind Conficker, for example, as Conficker.E was found to be updating itself with the Waledec malware.

"Conficker had previously done little to monetize their botnet, while the Storm/Waledac crew knew how to squeeze every penny out of their botnet to make millions," said the company in a blog post. "It was a partnership made in hell: Conficker gets a revenue stream and Waledac gets more bots."
