[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] New Waledac Variant Goes Rogue


By Kelly Jackson Higgins
Dark Reading
Feb 15, 2012

Remember the infamous Storm spamming botnet that later re-emerged as Waledac and was later silenced in a high-profile takedown led by Microsoft? It's baaaack -- and this time it's performing more malicious activity than sending annoying spam messages.

Researchers at Palo Alto Networks say earlier this month they discovered a new, more nasty variant of the Waledac malware that not only sends spam, but also steals passwords and other credentials: It can sniff for FTP, POP3, and SMTP user credentials, as well as pilfer .dat files for FTP and BitCoin.

Wade Williamson, product marketing manager for Palo Alto Networks, says it's the first time his team has spotted Waledac malware doing more than spam. "It is the first time that we have seen it. There have been other reports of Waledac popping up that were doing similar things, but the version of Waledac that was taken down by Microsoft was not stealing passwords," Williamson says.

Waledac in its heyday was able to spew more than 1.5 billion spam email messages a day, and was best-known for its online pharmacy, phony products, jobs, and penny stock spam scams. Microsoft two years ago took the unprecedented action of securing a federal court order that, in effect, required VeriSign to cut off Waledac's 277 Internet .com domains that were serving as the connections between the botnet's command-and-control (C&C) servers and up to 80,000 bots under its control.


Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly.  Best program, best price.