The Waledac botnet has become active again, sending out 15,000 messages per hour.
Sam Masiello, vice president of information security at MX Logic, claimed that the company had watched the Waledac botnet go through a couple of different phases over the past few weeks after it sent out spam relating to coupons and Valentine's Day.
MX Logic claimed that the latest 'Couponizer' spoof started on February 22nd and that more Valentine's Day spam was sent from Waledac after Valentine's Day than before. It also claimed that Waledac has now made a copy of couponizer.com and is sending emails that link to the spoofed lookalike sites.
Masiello said: "As with many other Waledac/Storm-generated websites, just about everything on the page is an image. This is generally a dead giveaway to folks who have been tracking Waledac/Storm for quite some time, but is a minor fact that is likely lost on most users who are unaware they are being duped. These images link to a binary executable file which, when downloaded and run by the user, enlists their PC into the botnet.
"Nevertheless, it is clear that the Waledac folks are working very hard to build their botnet back up to levels that it was at prior to Microsoft releasing its September 2007 MSRT update, which Microsoft claims was responsible for mostly taking down its predecessor, Storm. This botnet clearly isn't just about holidays anymore."
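The page trait Masiello describes (almost nothing but images, each linking to an executable) can be checked mechanically; the following is an added example, not code from MX Logic or the article. The extension list, the text threshold, the function names and both sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXTS = (".exe", ".scr")  # assumed list, not from the article
MAX_TEXT_CHARS = 40                 # assumed cut-off for "almost no text"

class LureScanner(HTMLParser):
    """Counts visible text and images, and records hrefs of links wrapping an image."""
    def __init__(self):
        super().__init__()
        self.text_chars = 0
        self.images = 0
        self.image_link_targets = []
        self._href = None   # href of the <a> currently open, if any
        self._skip = 0      # nesting depth inside non-visible elements

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style", "title"):
            self._skip += 1
        elif tag == "a":
            self._href = dict(attrs).get("href")
        elif tag == "img":
            self.images += 1
            if self._href:
                self.image_link_targets.append(self._href)

    def handle_endtag(self, tag):
        if tag in ("script", "style", "title"):
            self._skip = max(0, self._skip - 1)
        elif tag == "a":
            self._href = None

    def handle_data(self, data):
        if not self._skip:
            self.text_chars += len(data.strip())

def score_page(html):
    """Flag pages that are image-only AND whose images link to an executable."""
    s = LureScanner()
    s.feed(html)
    s.close()
    exe_links = [h for h in s.image_link_targets
                 if urlparse(h).path.lower().endswith(EXECUTABLE_EXTS)]
    image_only = s.images > 0 and s.text_chars <= MAX_TEXT_CHARS
    return {"image_only": image_only, "exe_links": exe_links,
            "suspicious": image_only and bool(exe_links)}

# Constructed sample pages (not captured from any real site).
LURE = ('<html><head><title>Coupons</title></head><body>'
        '<a href="http://lure.example/sale.exe"><img src="top.jpg"></a>'
        '<a href="http://lure.example/sale.exe?id=7"><img src="mid.jpg"></a></body></html>')
BENIGN = ('<html><body><h1>Weekly coupons</h1><p>Print these coupons and bring them '
          'to any participating store before the end of the month.</p>'
          '<a href="/coupons.pdf"><img src="c.jpg"></a></body></html>')
```

Either signal alone is weak (image-heavy landing pages and legitimate download links both exist), which is why `suspicious` requires both.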