Fresh Waledac Variant Promoting SMS Spying Software

Security researchers have posted an alert that Waledac, a computer virus, is spurring a fresh spam campaign. The e-mails in the campaign pose to offer a program with which a user could intercept other people's 'Short Messaging Service' (SMS) messages. However, the program only installs a malware on the user's computer.

The e-mails lure recipients to click on the URLs provided in them by showing subject lines such as "You can read anyone's SMS," or "Does your partner truly love you?"

However, clicking on the URLs brings up a web page that is nothing but a misrepresentation of a website selling an authentic SMS-spying program. Subsequently, when gullible users try to download the application from the counterfeit page, they are served with differently named files like freetrial.exe, smstrap.exe, and sms.exe, each of which actually is the Waledac virus.

Here it is worth mention that out of the 39 antivirus software relating to VirusTotal, a free online service that scans malware and viruses, only 13 were able to spot the Waledac variant.

Security researchers have also revealed that the Waledac spam scams normally try to attain success by exploiting current news, holidays or international events that draw a large number of people's interest. However, the recent Waledac spam scam is somewhat different as it takes advantage of the particularly suspicious natured people.

Meanwhile, Trend Micro reports that the Waledac virus is continuously transforming into numerous variants, some of which are TROJ_WALEDAC.IC, TROJ_WALEDAC.HK, WORM_WALEDAC.KW, WORM_WALEDAC.LN and WORM_WALEDAC.KT. Furthermore, Trend Micro predicts that there could be more Waledac variants appearing in the near future, as a number of domains are hosting the malevolent files.

In fact, Gary Warner, Director of Research in Computer Forensics at the University of Alabama at Birmingham (UK) has detected several domains having a connection with the latest Waledac spam scam as well as with the previous Waledac campaigns, as reported by softpedia on April 17, 2009.

Asier Martinez, malware Researcher at Panda Security, observes that there has been a spike in Waledac's activities during January-March 2009, with a 200% increase during the 1st two weeks of April 2009 over February 2009, as reported by softpedia on April 17, 2009.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 4/24/2009