Waledac Poses Threat to Legitimate Web sites

The researchers at Shadowserver, a volunteer intelligence firm, have revealed that the Waledac Trojan that used to trick people into visiting malware-hosting or pharma-hawking Web sites might be seeking even authentic Web sites for the purpose.

They have a discovered a fresh wave of Waledac spam that looks to be using services of Blizzard Image Hosting, an apparently legitimate company that offers hosting services for picture galleries and photo portfolios.

The spam e-mail talks of the company and contains a link to the Web site of the company. However, as per the blog of Steven Adair of Shadowserver, nothing malicious or suspicious was discovered on visiting the site, as reported by SCMAGZINE on April 2, 2009.

Adair further said that the information which is being spammed about Blizzard Image Hosting has remained unaltered and bulk of Waledac's spam circulation comprise of that information. Also, the site did not promote the sale of pornography, pharmaceuticals or cheap products; neither had it made efforts to exploit the users' browsers.

The creators of Waledac appear to have gained success, if they were just aiming to hamper the image of Blizzard. While visiting the site, a message appears which states that the account has been suspended. Adair told that the on April 1, 2009, home page of the site displayed a message from owner, saying that he was aware of the offender and was trying to contact the federal authorities for investigations.

Besides, the organization has also witnessed targeted botnet attacks launched from several machines. These botnet attacks frequently make use of the technique of spear-phishing, using malicious links or PDF attachments that purport to be genuine as they comprise information familiar to the user.

Security experts stated that by clicking such malicious links, downloading free-of-cost (or pirated) software and opening attachments in the malicious payloads, users are actually assisting the cyber criminals. malware can act as a platform to illegally obtain the information passing through it, provided right malware is placed on the PC. In fact, employing several such infected/compromised systems in a company may lead to a large scale data breach, as per Shadowserver.

Related article: Waledac Trojan Suspected to be a Variant of Storm Worm

» SPAMfighter News - 4/8/2009