Waledac More Extensive Than Expected
Researchers from the University of Vienna and the University of Mannheim have recently found that the Waledac botnet is far more efficient and larger than previously thought. The researchers were carrying out an undercover operation to learn more about the scope and size of Waledac, known as the successor to the Storm botnet.
The team of researchers infiltrated the spamming botnet from August 6, 2009 to September 1, 2009 using a cloned Waledac bot that they built and code-named Walowdac. It has all the communication features of Waledac, but it neither sends spam e-mails nor executes any other command.
Explaining this, researcher Thorsten Holz stated that they used their own implementation of the bot, which follows all the protocols and communicates just as a real bot would. The bot was under their full control and didn't send any junk e-mail; it merely took part in the communications, Dark Reading reported on January 5, 2009.
Walowdac supplied Waledac with the IP addresses of the systems under the researchers' analysis. This enabled the researchers to collect details about the botnet and its internal workings. They discovered that the botnet runs at least 55,000 bots per day, with almost 390,000 bots in total, far more than the earlier estimates of 20,000.
During their investigation, the researchers also observed various modifications that the bot master applied to the botnet to introduce new features, such as the theft of sensitive information. They also found that the botnet responds very quickly to frequent changes and updates to its core operation.
In addition, the researchers measured the success rates of different spam campaigns run by Waledac.
It is worth noting that more than a year has passed since Waledac emerged after the sudden disappearance in 2008 of the nasty Storm botnet, which had expanded to become one of the biggest botnets ever seen. Storm is claimed to have resurfaced in the form of Waledac, with fresh malware and an even more sustainable architecture.
In the meantime, Waledac has grown in popularity among researchers as a subject of study. Researchers from various security firms, such as Symantec, ESET and Trend Micro, have also conducted in-depth studies of it.
» SPAMfighter News - 18-01-2010