New Waledac Variant Goes Rogue

February 16, 2012

Source: Dark Reading

by Kelly Jackson Higgins

“Remember the infamous Storm spamming botnet that later re-emerged as Waledac and was later silenced in a high-profile takedown led by Microsoft? It’s baaaack — and this time it’s performing more malicious activity than sending annoying spam messages.

Researchers at Palo Alto Networks say earlier this month they discovered a new, more nasty variant of the Waledac malware that not only sends spam, but also steals passwords and other credentials: It can sniff for FTP, POP3, and SMTP user credentials, as well as pilfer .dat files for FTP and BitCoin.

…Williamson says his team was able to discern the new malware was a fresh variant of Waledac because the C&C model was the same. “We were able to match specific quirks in the code based on how the bot handles specific types of communications,” he says. What’s unclear, however, is whether it’s the same gang that ran Waledac or another group who got access to the code, he says.”

