Waledac Botnet Owners Gather 500,000 Credentials

Security researchers at Last Line the security company, who studied Botnet Waledac that emerged during 2010-beginning found that till now it has been capable of capturing a good 500,000 credentials for accessing POP3 e-mail accounts.

It may be mentioned that Waledac has evolved from the notorious Storm computer virus that was the most dominant threat between 2007 and 2008.

State the researchers at Last Line that the Waledac operators will most probably utilize the stolen credentials for accessing the e-mails in distributing sophisticated spam scams.

Remarking about this, Developer and Threat Analyst Brett Stone-Gross at Last Line stated that attackers, by employing the e-mail log-in data to validate themselves as the e-mail dispatchers prior to distributing spam, could evade systems for filtering IP-based e-mail. Consequently, it would benefit them to utilize an authentic e-mail server instead of hijacked computers for pushing the spam. IP-related blacklists, at that stage, were relatively quite worthless, the expert analyzed. SCMagazineUS.com published this on February 2, 2011.

Moreover, Waledac has gathered 123,920 FTP server credentials too. As a matter of fact, Waledac's main operation is based on collecting and employing FTP server login credentials, Last Line noted.

Say the security company's researchers that those behind Waledac are utilizing software which automatically enable to make access to FTP servers and thereby divert Web-surfers onto websites which tout low-quality pharmaceuticals or deliver malware. During January 2011, researchers discovered 222 Internet sites, having 9,447 web-pages, which had been hijacked.

Telling further about this issue, Stone-Grass stated that the majority of the websites drew more or less smaller amounts of traffic. And the various types of websites involved, according to him, were SMB sites, personal sites, religion, adult and other sites. EWeek.com published this on February 2, 2011.

Moreover, Waledac's command-and-control (C&C) server has hitherto gained 13,070 router IDs and 12,249 distinct node IDs that form the P2P fallback update system of the botnet.

In the end, the researchers state that Waledac currently has faded substantially, however, that may not remain so considering the sheer count of hijacked e-mail accounts its operators own. Softpedia.com published this on February 2, 2011.

Related article: Waledac Trojan Suspected to be a Variant of Storm Worm

» SPAMfighter News - 2/10/2011