[ISN] New Waledac Variant Goes Rogue
By Kelly Jackson Higgins
Feb 15, 2012
Remember the infamous Storm spamming botnet that later re-emerged as
Waledac and was later silenced in a high-profile takedown led by
Microsoft? It's baaaack -- and this time it's performing more malicious
activity than sending annoying spam messages.
Researchers at Palo Alto Networks say earlier this month they discovered
a new, nastier variant of the Waledac malware that not only sends
spam, but also steals passwords and other credentials: It can sniff for
FTP, POP3, and SMTP user credentials, as well as pilfer .dat files for
FTP and Bitcoin.
Wade Williamson, product marketing manager for Palo Alto Networks, says
it's the first time his team has spotted Waledac malware doing more than
spam. "It is the first time that we have seen it. There have been other
reports of Waledac popping up that were doing similar things, but the
version of Waledac that was taken down by Microsoft was not stealing
passwords," Williamson says.
Waledac in its heyday was able to spew more than 1.5 billion spam email
messages a day, and was best known for its online pharmacy, phony
products, jobs, and penny stock spam scams. Microsoft two years ago took
the unprecedented action of securing a federal court order that, in
effect, required VeriSign to cut off Waledac's 277 Internet .com domains
that were serving as the connections between the botnet's
command-and-control (C&C) servers and up to 80,000 bots under its