
Symantec Digs Roots of Waledac Botnet

In a series of blog posts and in a new paper, Gilou Tenebro, a researcher at Symantec, has discussed the aspects that led Waledac to become one of the most dynamic botnets at present, reported eWeek on September 4, 2009. Tenebro has thoroughly studied all facets of Waledac, ranging from its armoring and bootstrapping capabilities to the techniques it uses to launch spam campaigns.

According to the researcher, Waledac's P2P (peer-to-peer) capability is at the center of its success, providing it with extra resistance to ISP takedowns such as the one that crippled Srizbi.

The majority of botnets still use the traditional command-and-control paradigm to communicate with their bots, which offers easy management at the expense of resiliency.

Gerry Egan, Director, Symantec Security Response, stated that the traditional technique has the advantage of being faster, so it is easier for a botmaster to carry out a task at short notice, reported eWeek on September 4, 2009. But the P2P model is relatively much slower, as it makes the botnet increasingly resilient to takedown attempts, he added.

However, Egan is not sure of the exact number of bots constituting Waledac at present, saying that its P2P communication makes it difficult to know the exact number. The botnet has expanded by infecting systems across the world through W32.Waledac, a worm that propagates by sending e-mails containing links to copies of itself. He further explained that the worm opens a backdoor on the infected systems.

Additionally, Tenebro explained that Waledac uses fast flux hosting for its domains, which means that within a short time a Waledac domain can switch between multiple hosts that may be serving merely as proxies. With fast flux DNS (Domain Name System) it becomes harder to track a source, and this is effectively one of Waledac's defense mechanisms.
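A defender can look for the rotation described above in passive-DNS data. The following is an added example, not code from Symantec's paper or this article; the function names, thresholds and sample observations are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed passive-DNS observations: (unix_time, domain, A record, TTL seconds).
# Domains and addresses are reserved documentation/test values, not real indicators.
OBSERVATIONS = [
    (1000, "flux.example", "192.0.2.10", 60),
    (1060, "flux.example", "198.51.100.7", 60),
    (1120, "flux.example", "203.0.113.44", 30),
    (1180, "flux.example", "198.18.5.9", 60),
    (1240, "flux.example", "192.0.2.200", 60),
    (1000, "static.example", "192.0.2.80", 3600),
    (1900, "static.example", "192.0.2.80", 3600),
    (1000, "cdn.example", "203.0.113.1", 60),   # short TTL, but one network
    (1300, "cdn.example", "203.0.113.2", 60),
    (1600, "cdn.example", "203.0.113.3", 60),
]

def summarize(observations, window=3600, prefix_len=24):
    """Per-domain distinct IPs, distinct networks and median TTL in the last `window` seconds."""
    by_domain = defaultdict(list)
    for ts, domain, ip, ttl in observations:
        by_domain[domain.lower().rstrip(".")].append((ts, ip, ttl))
    summary = {}
    for domain, rows in by_domain.items():
        latest = max(ts for ts, _, _ in rows)
        recent = [r for r in rows if latest - r[0] <= window]
        ips = {ip for _, ip, _ in recent}
        # Group addresses by prefix as a rough stand-in for "unrelated hosts".
        nets = {ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False) for ip in ips}
        summary[domain] = {"ips": len(ips), "networks": len(nets),
                           "median_ttl": median(ttl for _, _, ttl in recent)}
    return summary

def flag_fast_flux(observations, min_ips=4, min_networks=3, max_ttl=300):
    """Domains whose A records rotate across several networks with short TTLs."""
    return sorted(d for d, s in summarize(observations).items()
                  if s["ips"] >= min_ips and s["networks"] >= min_networks
                  and s["median_ttl"] <= max_ttl)

if __name__ == "__main__":
    print(flag_fast_flux(OBSERVATIONS))
```

Requiring several distinct networks as well as a short TTL keeps a single-provider load balancer such as the constructed `cdn.example` from being flagged.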

Tenebro's blog further stated that Waledac is a widespread and effective spam bot that has been enjoying success for some time. This success is partly attributed to the time and effort that were put into creating it; in particular, the protocol Waledac uses to communicate is encrypted quite strongly.


» SPAMfighter News - 23-09-2009
