http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/232600968/new-waledac-variant-goes-rogue.html By Kelly Jackson Higgins Dark Reading Feb 15, 2012 Remember the infamous Storm spamming botnet that later re-emerged as Waledac and was later silenced in a high-profile takedown led by Microsoft? It's baaaack -- and this time it's performing more malicious activity than sending annoying spam messages. Researchers at Palo Alto Networks say earlier this month they discovered a new, more nasty variant of the Waledac malware that not only sends spam, but also steals passwords and other credentials: It can sniff for FTP, POP3, and SMTP user credentials, as well as pilfer .dat files for FTP and BitCoin. Wade Williamson, product marketing manager for Palo Alto Networks, says it's the first time his team has spotted Waledac malware doing more than spam. "It is the first time that we have seen it. There have been other reports of Waledac popping up that were doing similar things, but the version of Waledac that was taken down by Microsoft was not stealing passwords," Williamson says. Waledac in its heyday was able to spew more than 1.5 billion spam email messages a day, and was best-known for its online pharmacy, phony products, jobs, and penny stock spam scams. Microsoft two years ago took the unprecedented action of securing a federal court order that, in effect, required VeriSign to cut off Waledac's 277 Internet .com domains that were serving as the connections between the botnet's command-and-control (C&C) servers and up to 80,000 bots under its control. [...] ______________________________________________________________________________ Certified Ethical Hacker and CISSP training with Expanding Security gives the best training and support. Get a free live class invite weekly. Best program, best price. www.ExpandingSecurity.com/PainPillReceived on Thu Feb 16 2012 - 00:06:11 PST
This archive was generated by hypermail 2.2.0 : Thu Feb 16 2012 - 00:03:45 PST