[ISN] New Waledac Variant Goes Rogue

From: InfoSec News <alerts_at_private>
Date: Thu, 16 Feb 2012 02:06:11 -0600 (CST)
http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/232600968/new-waledac-variant-goes-rogue.html

By Kelly Jackson Higgins
Dark Reading
Feb 15, 2012

Remember the infamous Storm spamming botnet that later re-emerged as 
Waledac and was later silenced in a high-profile takedown led by 
Microsoft? It's baaaack -- and this time it's performing more malicious 
activity than sending annoying spam messages.

Researchers at Palo Alto Networks say they discovered earlier this month 
a new, nastier variant of the Waledac malware that not only sends 
spam, but also steals passwords and other credentials: It can sniff for 
FTP, POP3, and SMTP user credentials, as well as pilfer .dat files for 
FTP and BitCoin.

Wade Williamson, product marketing manager for Palo Alto Networks, says 
it's the first time his team has spotted Waledac malware doing more than 
spam. "It is the first time that we have seen it. There have been other 
reports of Waledac popping up that were doing similar things, but the 
version of Waledac that was taken down by Microsoft was not stealing 
passwords," Williamson says.

Waledac in its heyday was able to spew more than 1.5 billion spam email 
messages a day, and was best-known for its online pharmacy, phony 
products, jobs, and penny stock spam scams. Microsoft two years ago took 
the unprecedented action of securing a federal court order that, in 
effect, required VeriSign to cut off Waledac's 277 Internet .com domains 
that were serving as the connections between the botnet's 
command-and-control (C&C) servers and up to 80,000 bots under its 
control.

[...]


Received on Thu Feb 16 2012 - 00:06:11 PST
