Waledac is back just in time to have a BANG on the 4th of July
Posted by jeremy on July 3rd, 2009
I was shocked this morning when my Waledac Tracker shot me an email saying new binaries were being retrieved and this little menace known as Waledac woke up from its dormant state. After almost a month of inactivity the Waledac botnet has risen from the dead in an “Independence Day” themed spam run. This new theme for Waledac is very similar to the past “Storm Worm Independence Day” theme we saw last year. It is a simple spoof of a “You Tube” video, which is just waiting for you to click on it and deliver a nice little copy of the Waledac Trojan in an executable format (binary). Here is a screen shot of the current page being served up:
I do not see any exploit code or iframe re-directions on the current page, but of course this could easily change at any time. Without the exploits or iframe re-directions to awaiting exploit packs, a victim of Waledac will have to execute the binary all by themselves. This new binary comes with no real Antivirus Detection, with Virus Total results like this: Result: 4/41 (9.76%). I am sure once the Antivirus companies realize what is going on this will improve, but until then we must rely on the education of our users and hopefully some good software installation restrictions and policies to prevent this for now.
Don’t be a victim and have a “Happy 4th of July”!

July 5th, 2009 at 10:15 am
[...] Sudosecure.net have a posting that contains a similar screenshot to Websense’s. However, there are also some past posts there on Waledac that you might find interesting. [...]