New Virus Posing as Holiday Card Pops Up
According to a news report published by internetnews on December 23, 2008, security provider ESET has isolated a new virus named W32/Waledac. ESET reportedly regards this virus as much more dangerous than the infamous Storm worm, which had ruled the world of botnets for almost two years.
Moreover, ever since the Storm botnet subsided, a new wave of social-engineering e-mails has been using holiday themes to get users to view e-greeting cards or read other Christmas-themed content, according to experts at the security firm ESET.
ESET researcher Pierre-Marc Bureau states that the firm started getting reports on December 22, 2008 about e-mails containing links leading to holiday-themed greetings. These e-mails include a link leading to an executable file named ecard.exe. The file is malware rather than a holiday card. This surge of malware attracted ESET's attention because it was quite similar to the Storm attacks the company had witnessed in 2007, as reported by The Tech Herald on December 22, 2008.
Describing how the newly found malware works, Pierre-Marc Bureau said that once a user clicks on the link, a backdoor is downloaded that links to another website and records information online from the user's computer.
Bureau further says that the attack employs fast-flux so that the web servers of the attack cannot be traced. It also makes it difficult for security experts to trace the redirection page, which is quite similar to those that Storm used in 2007. Yet the attack isn't a revival of the Storm botnet, notes Bureau.
Meanwhile, ESET has described the new virus as a new version of the Win32/Waledac malware after studying the malicious links as well as the downloaded files that first appeared on the Web during March 2008.
The security researchers at ESET reveal that the new malware has no P2P capabilities and uses an open-source packer in place of the custom packer that Storm had used. Furthermore, the EXE files that ESET examined have cryptographic capabilities that the Storm worm did not have.
» SPAMfighter News - 31-12-2008