New Waledac spam falsely warns of bomb blasts

Security companies warned today of a new malware campaign in which the Waledac botnet creators are distributing emails that falsely claim the recipient's city has been the site of a bomb blast.

The emails contain a link that leads to a malicious site, complete with the logo for news agency Reuters. The headline across the mock page, customised for each viewer thanks to geolocation technology that enables the site to map incoming IP addresses, warns of a "powerful explosion" in the victim's city, Dan Hubbard, CTO of security firm Websense, told SCMagazineUS.com.

Below that is a brief news story and a video player, said Hubbard, who added that Websense has received tens of thousands of attack samples since Sunday. The goal is to dupe users into clicking on a link to view the video, which installs the increasingly prevalent Waledac trojan. The malware opens a backdoor on the compromised machine and then sits quietly, awaiting additional commands from its command-and-control server, he said.

Though the emails do contain some spelling and grammatical errors, the social engineering aspects may be slick enough to dupe many victims, Hubbard said.

"As soon as you add in legitimate brands, people tend to think, 'Wow, this is really real,'" he said.

Trend Micro researcher Rik Ferguson said on the anti-virus firm's blog that the latest campaign is proof that cybercrooks are having no problem making up for the amount of spam that may have dropped off when web hosting provider McColo was shut down.

As of early this morning AEST, eight of 39 major anti-virus providers detected the new Waledac variant, according to a test on the file-analysis service VirusTotal commissioned by Hubbard and his team.

The most recent Waledac attacks leveraged US president Barack Obama's inauguration, the economic crisis and Valentine's Day to infect users. Hubbard said researchers had been expecting a St. Patrick's Day-themed attack until they began seeing the fake bomb spam.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition