Contributed by: Aurelija Skurvydaite
Date: April 22, 2009

Waledac Botnet Increasingly Bombarding Inboxes with Spam!

 

Security experts are warning everybody: stay alert and don't allow spammers to trick you, infect your computer and steal your personal and financial information. That's exactly what an email message that looks simple at first sight, with an innocent-looking attachment or link, can do. And although it's impossible to prevent cyber criminals from spreading malicious emails, we can at least inform you about the most recent spam campaigns. This is what I'm going to do right now in this article.

Since last December, the Waledac botnet has been increasingly bombarding our inboxes with various malicious spam messages prompting users either to click on the provided link or to download an attachment. The most recent spam campaigns related to Waledac offer users:

  • free foot fetish movies
  • online casino advertisements
  • the ability to spy on somebody else's (for example, a lover's) SMS messages with a special program

In the first two cases, users are prompted to click on the provided links, which then redirect them to websites featuring videos or advertisements. In the spam campaign with the SMS spy program, potential victims are prompted not only to click on the provided link but also to download a special spy program for a free trial (see the three screenshots below).

[Screenshots: footspam_tb.gif, sms_waledacwebpage.jpg, casino_spam.jpg]

The link "Download Free Trial" leads to the download of an executable file (free.exe, smstrap.exe, install.exe, setup.exe, etc.) which installs a Waledac bot on the user's system. When the link is clicked, a Trojan file with MD5 ae9404cf5996d04a5ed8e32daf7cdbe1, MD5 e850623f01998ea2547fb7fcd088b559, MD5 890bf32b34b7abab7aa7ea049215c429 or MD5 05853afd4cdd87e9f1ae03226ca0ff02 is downloaded to the user's system.
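One way to sweep a download folder for the files named above, as an added example that is not part of the original article. The function names `md5_of` and `sweep` are this example's own; a hash match identifies only these exact samples, and a name match alone is a weak signal.

```python
import hashlib
import os
import sys

# MD5 values and file names quoted in the article above.
ARTICLE_MD5 = frozenset({
    "ae9404cf5996d04a5ed8e32daf7cdbe1",
    "e850623f01998ea2547fb7fcd088b559",
    "890bf32b34b7abab7aa7ea049215c429",
    "05853afd4cdd87e9f1ae03226ca0ff02",
})
ARTICLE_NAMES = frozenset({"free.exe", "smstrap.exe", "install.exe", "setup.exe"})


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, known_md5=ARTICLE_MD5, names=ARTICLE_NAMES):
    """Return sorted (path, verdict) pairs for suspicious files under root."""
    findings = []
    for folder, _subdirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(folder, filename)
            name_hit = filename.lower() in names
            try:
                hash_hit = md5_of(path) in known_md5
            except OSError:
                if name_hit:  # listed name, but the file could not be read
                    findings.append((path, "unreadable"))
                continue
            if hash_hit:  # content matches a listed sample, whatever its name
                findings.append((path, "hash-match"))
            elif name_hit:  # install.exe and setup.exe are also common benign names
                findings.append((path, "name-only"))
    return sorted(findings)


if __name__ == "__main__":
    for found_path, verdict in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:10}  {found_path}")
```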

The following tables list other known aliases of the Trojan downloaded by each of the four executable files. This antivirus detection information was collected on the 17th of April, so there may already be new variants of this malware that are not listed in the tables.

Table 1. Alias Names of Trojan dropped by free.exe

  • TR/Crypt.ZPACK.Gen
  • Worm/Win32.Iksmas
  • Win32:WalDrop
  • Win32/Heur
  • Trojan.Waledac.Gen.1
  • (Suspicious) - DNAScan
  • Packed:W32/Waledac.gen!I
  • W32/WaledPak.A@mm
  • Trojan.Waledac.Gen.1
  • Email-Worm.Win32.Iksmas.all
  • W32/Waledac.gen.j
  • Trojan.Crypt.ZPACK.Gen
  • Trojan:Win32/Waledac.gen!A
  • a variant of Win32/Waledac.IX
  • Mal/WaledPak-A
  • Packed.Generic.22

Table 2. Alias Names of Trojan dropped by smstrap.exe

  • TR/Crypt.ZPACK.Gen
  • Win32:WalDrop
  • Trojan.Waledac.Gen.1
  • (Suspicious) - DNAScan
  • Packed:W32/Waledac.gen!I
  • Trojan.Waledac.Gen.1
  • Email-Worm.Win32.Iksmas.all
  • W32/Waledac.gen.j
  • Trojan.Crypt.ZPACK.Gen
  • Trojan:Win32/Waledac.gen!A
  • a variant of Win32/Waledac.IX
  • Mal/WaledPak-A
  • Packed.Generic.221

Table 3. Alias Names of Trojan dropped by install.exe

  • Trojan-Downloader.Win32.Renos!IK
  • Win-Trojan/Fraudload.73222
  • TR/Dldr.FraudLoad.vjva
  • W32/Trojan-Obfuscated.2!Generic
  • Win32:Falder
  • FakeAlert.HR
  • Trojan.Generic.1436460
  • TrojanDownloader.FraudLoad.vj
  • Trojan.Downloader-68829
  • Win32.Banker
  • W32/Trojan-Obfuscated.2!Generic
  • Trojan-Downloader:W32/FraudLoad.DN
  • W32/FraudLoad.VKBK!tr.dldr
  • Trojan.Generic.1436460
  • Trojan-Downloader.Win32.Renos
  • Trojan-Downloader.Win32.FraudLoad
  • Trojan-Downloader.Win32.FraudLoad.vkbk
  • Generic Downloader.x
  • Trojan.Dldr.FraudLoad.vjva
  • Trojan:Win32/FakeRean
  • Win32/Adware.XPPoliceAntivirus
  • W32/DLoader.NHMI
  • Trojan-Downloader/W32.FraudLoad.73222
  • Trojan-Downloader.FraudLoad!sd6
  • High Risk Cloaked Malware
  • Mal/FakeVirPk-A
  • Trojan-Downloader.Win32.FraudLoad.vkbk
  • Trojan/Downloader.FraudLoad.vjsq
  • TROJ_DLOADR.ZO
  • Malware-Cryptor.Win32.Xla.a
  • Trojan.DL.FraudLoad.CLO

Table 4. Alias Names of Trojan dropped by setup.exe

  • TR/Crypt.ZPACK.Gen
  • Win32:WalDrop
  • Win32/Heur
  • Trojan.Waledac.Gen.1
  • (Suspicious) - DNAScan
  • Packed:W32/Waledac.gen!I
  • Trojan.Waledac.Gen.1
  • Email-Worm.Win32.Iksmas.all
  • W32/Waledac.gen.j
  • Trojan.Crypt.ZPACK.Gen
  • Trojan:Win32/Waledac.gen!A
  • a variant of Win32/Waledac.IX
  • Packed.Generic.221

Once again, you are strongly advised to beware of unsolicited email messages, even though they may appear to come from legitimate sources. Clicking links in these messages almost always leads to malware or to malicious web pages. Don't allow cyber criminals to trick you: protect your computer and yourself! Use appropriate anti-virus software and anti-spam filters and keep them up to date.

User Comments

Ahmed February 18, 2012
PLEASE redirect your ASBSP.exe file, the link is broken, and it's saying there are too many users. I have this EXACT problem and I desperately need that file. Thank you!