English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Polski Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

SPAMfighter is

Microsoft Gold Certified Partner

SPAMfighter also

Works with Windows Vista

SPAMfighter Exchange Module is Microsoft certified ".net connected".

Microsoft .NET Connected

Waledac Trojan Suspected to be a Variant of Storm Worm

Shadowserver, an online security company, has released a detailed study of a malicious worm called Waledac, suspecting that the malware is a variant of the infamous Storm Worm spreading through sophisticated means.

Security researchers said that during the past few weeks, users with malicious intent have tried to disseminate the Trojan via e-mail, telling the recipient that there is a holiday e-card for him/her supposedly from a friend. But on clicking the link given in the e-mail, the user is led to a website where efforts are made to install the virus using a JavaScript reference linking to "google-analysis.js."

However, the attack code downloads a webpage from seocom.mobi that gives commands to the exploit. It is a fairly complex network as it utilizes fast-flux domains i.e. domains that constantly resolve to separate IP addresses. More analysis indicates that there is a P2P network that camouflages the origin, causing difficulty in shutting it down.

According to Steven Adair, Security Expert at Shadowserver, the working suggests that nodes of web servers push on and transmit traffic over to the nodes of remaining web servers within the P2P network, as reported by SecurityProNews on December 31, 2008.

Adair added that another interesting issue was that in case the Trojan fails to link to any IP among the given series for at least 10 minutes, it would try to snatch a php file from any of the hard-coded domains within the binary.

All of this has striking similarity with Storm Worm, multiple servers, fast-flux network, use of postcard.exe and ecard.exe files. Therefore, users are advised not to click on links provided in e-mails. Also, they should continually run antivirus software on their computers.

However, according to the security specialists, the most appropriate alternative is to deactivate the domains. Shadowserver published the names of certain domains that are affiliated to the Waledac Trojan. These are cheapdecember.com, blackchristmascard.com bestchristmascard.com and cardnewyear.com.

Meanwhile, in a similar alert from the security company ESET in the end week of December 2008, it was said that Waledac had much more capability than the Storm Worm.

» SPAMfighter News - 07-01-2009

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird - Read more

Slow PC? Try SLOW-PCfighter

Optimize your Slow PC for better performance. Try FREE scan now.

 

Exchange spam filter

SPAMfighter Exchange Module is a spam/virus filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial

<<<>>>