Waledac Botnet Using New Year Theme to Expand

As per the warning issued by the security experts on December 31, 2009, cyber crooks responsible for Waledac have started going for a scam themed on New York to trap more victims.

According to Mikko Hyppönen, chief research officer at anti-virus firm F-Secure, Waledac is circulating spam e-mails with "Happy New Year 2010" as subject line. The e-mails also contain a link claiming to be a greeting card, as per the news published by SCMagazine on December 31, 2009.

Hyppönen said that in case a user follows this link, he/she gets directed to certain domain that tries to abuse known flaws in Internet Explorer and Adobe Flash and Reader. The basic perception of the attackers is that one of the aforementioned programs at least will not be updated by users against the latest patches.

The website link provided in the scam e-mail lands victim to a fast flux domain site serving Trojan-Downloader:W32/Agent.MUG. The victim will become a part of the botnet once he/she installs the Trojan. Installing this Trojan gives attackers complete access to the victim's system and, in turn, the opportunity to harvest information from the computer. According to a blog published on the F-Secure's website on December 31, 2009, the Trojan will also attempt to install other malware.

According to Randy Abrams, director of technical education at anti-virus vendor ESET, this particular Trojan can also command the compromised system to download forged anti-virus programs, circulate spam e-mails, or be a part of denial-of-service attacks, as per the news published by SCMagazine on December 31, 2009.

Experts said that the users must therefore be wary of this new campaign along with the similar ones as these may keep creeping in over the coming days. Moreover, the users should be watchful while reading electronic New Year wishes for 2010.

It is noteworthy that the beginning of 2009 faced a similar scam. W32/Waledac variant of this Trojan was used in that scam. In this case, users received an e-mail informing them of an e-holiday card. The e-mail also asked the recipients to click on a link directing to a filename ecard.exe and read it. Doing so, the link downloaded a backdoor connecting to another website and stealing important data from their systems.

Related article: Waledac Trojan Suspected to be a Variant of Storm Worm

» SPAMfighter News - 1/8/2010