Bot Herders Build Newer Versions of Previous Botnet Waledac

According to investigators from Symantec the security company, even as law enforcement and security agencies pounced a few times on the notorious Waledac (also called Kelihos) bot-masters, the latter just won't surrender as they're employing fresh variants for establishing still newer networks of the earlier army-of-bots.

Symantec's researchers state that there's yet again an increase in the total number of PCs having the new W32.Waledac.D infection, with the majority of the devices being within USA.

This most recent rise is reportedly because of Virut botnet whose services are rented for disseminating the above stated new Waledac variant.

Unfortunately, too many PCs are contaminated with Waledac, while all the zombies individually can dispatch approximately 2,000 spam messages/60 minutes.

Specialists contend that incase 25% of the total 300K PCs contaminated with Virut pulls down Waledac too from the Web then approximately 3.6bn spam messages can get dispatched within 24-hrs, provided a hijacked PC remained active for those many hours.

And while captions of the spam mails differ, the web-links embedded on them commonly take onto fake performance-enhancing medicine or Canadian pharmaceutical sites.

Manager-of-Operations Liam O'Murchu with Symantec Security Response, the team that uncovered the latest Waledac instances stated that cyber-criminals frequently utilized Virut for disseminating their malicious programs, as it presented backdoor facilities to the attackers for acquiring admission into hijacked PCs. SCMagazine.com published this dated January 15, 2013.

O'Murchu further stated that Virut would pull down and load fresh malware as one among several methods for the botnet-herders to churn revenue.

The Virut malware that contained "worm-like features" too, influenced Windows Vista, XP as also previous editions, along with Windows Server ME, NT, 2003 and 2008. Victims became contaminated via drive-by downloads, however, the malware had the capability of contaminating PHP, HTML and ASP files, which incase were shared through removable devices or e-mails, could help Virut to spread further, O'Murchu added.

Waledac and Virut co-existing on one individual PC was further proof that groups of malicious programs utilized affiliate software for disseminating their payloads, while malicious payloads could be interconnected as well as co-existent on any PC that was already compromised, the security company concluded.

Related article: Bot Builds Spam - Spreading Zombie Army

» SPAMfighter News - 1/21/2013