Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Waledac botmasters use Virut malware to build a new botnet

Posted on 15.01.2013

Despite having been swooped down on by security companies and law enforcement a couple of times, the botmasters of the Waledac (Kelihos) botnet refuse to give up and are using new variants to set up new versions of the original botnet.

According to Symantec researchers and the company's telemetry data, the number of computers infected with the W32.Waledac.D variant is on the rise again, and most of them are concentrated in the U.S.

This latest increase can be attributed to the influence of the Virut botnet, which has apparently been hired to distribute the aforementioned Waledac botnet variant.

Waledac's goal is to send out spam emails through servers from a list that it receives from the botnet's C&C servers, and according to the researchers' estimates, that might currently mean anywhere between 1.2 billion to 3.6 billion spam emails per day.

The email subjects vary, but the links contained in them mostly lead to Canadian online pharmacies and counterfeit performance-enhancing drugs.

"The coexistence of Virut and Waledac on a single computer is further example of malware groups using affiliate programs to spread their threats, and that threats can be linked and coexist on an already compromised computer," the researchers concluded.