Waledac botnet wakes up in 2011 with new run of pharmaceutical spam

By Dan Raywood on Jan 17, 2011 12:33PM

Cybercriminals return from break.

A new variant of the Waledac botnet has reappeared, with pharmaceutical spam being distributed.

The botnet first resurfaced at the end of 2010 with a New Year themed spam run in which a URL in the email directed recipients to download a fake Adobe Flash player installer; that campaign ended on January 4.

The new pharmaceutical campaign also uses redirections via compromised legitimate sites. For now the links lead only to spam pages rather than to malicious content, though that could change at any point if the people behind Waledac decide to grow the botnet.

Carl Leonard, senior manager of Websense Security Labs, said: “When botnets shut down over Christmas, global spam levels took a welcome dive. But the holiday is over now as we see sleeping botnets reactivate with a vengeance one-by-one.

“Waledac is the latest to stir back into life, reverting to its favourite pharmaceutical spam topics. As for the hiatus in activity, I presume that cyber criminals took some time off just the same as everyone else.”

Symantec's Andrea Lelli said: “This new variant (named W32.Waledac.B) implements the advanced network management protocol (ANMP) in order to organise all the bots in a peer-to-peer network that has the characteristics of a fast-flux network. This kind of network is resistant to bots going online and offline and it can reconfigure itself very quickly, rendering it a very dangerous botnet.

“The peers communicate with each other through messages and all the communications use strong encryption and digital signing. We analysed the network messages being exchanged among the peers, before and after the downtime, and we could see an update in the version numbers (from 0.0.49 to 0.0.51) and in the spam job message, which now also included the pharmaceutical spam messages (as opposed to the previous spam job, which contained spam related to e-cards).

“This new added code seems to be simply validating a parameter (the size of the send queue). Perhaps the previous version of the bot had a bug that caused it to malfunction in case the size of the queue was not properly set? Perhaps this bug caused the botnet downtime that we observed? We do not know, maybe the botnet herders were just waiting for the next strike, but this was definitely a curious detail on the software side.”
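The Symantec quote above describes a peer-to-peer layer that behaves like a fast-flux network: addresses come and go quickly and the network reconfigures itself. From a defender's side the observable symptom of that pattern, for the spam domains such a botnet advertises, is a hostname whose DNS answers churn through many unrelated addresses with short TTLs. The following heuristic is an added example written for this page, not code from Symantec, Websense or the article; it scores constructed DNS observations (invented hostnames, documentation-range addresses and assumed thresholds) and flags candidates for analyst review. It does not model Waledac's ANMP protocol itself, which the article does not detail.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample passive-DNS observations for the example:
# (hostname, answered IP, TTL in seconds, observation time in seconds).
# Hostnames and addresses are invented; the addresses are from the
# RFC 5737 documentation ranges and do not belong to any real campaign.
OBSERVATIONS = [
    ("promo-newyear.example", "203.0.113.10", 300, 0),
    ("promo-newyear.example", "198.51.100.7", 300, 300),
    ("promo-newyear.example", "192.0.2.44", 300, 600),
    ("promo-newyear.example", "203.0.113.88", 300, 900),
    ("promo-newyear.example", "198.51.100.200", 300, 1200),
    ("promo-newyear.example", "192.0.2.9", 300, 1500),
    ("www.example", "93.184.216.34", 86400, 0),
    ("www.example", "93.184.216.34", 86400, 86400),
    ("www.example", "93.184.216.34", 86400, 172800),
]


@dataclass
class FluxScore:
    distinct_ips: int
    distinct_prefixes: int  # distinct /24 prefixes, a crude stand-in for ASN diversity
    median_ttl: int
    churn: float            # share of repeat lookups that returned a never-seen IP
    fast_flux: bool


def score_domain(records, ttl_threshold=900, ip_threshold=5, churn_threshold=0.5):
    """Score one hostname's observations; thresholds are assumed values for the example.

    records: list of (ip, ttl, time) tuples, any order. A hostname is flagged when
    answers are short-lived, spread over many addresses and keep changing.
    """
    ordered = sorted(records, key=lambda r: r[2])
    seen, new_after_first = set(), 0
    for idx, (ip, _ttl, _t) in enumerate(ordered):
        if ip not in seen and idx > 0:
            new_after_first += 1
        seen.add(ip)
    repeats = max(len(ordered) - 1, 1)          # avoid division by zero on a single lookup
    churn = new_after_first / repeats if len(ordered) > 1 else 0.0
    prefixes = {ip.rsplit(".", 1)[0] for ip in seen}
    median_ttl = statistics.median_low([ttl for _ip, ttl, _t in ordered])
    flagged = (median_ttl <= ttl_threshold
               and len(seen) >= ip_threshold
               and churn >= churn_threshold)
    return FluxScore(len(seen), len(prefixes), median_ttl, churn, flagged)


def score_all(observations, **thresholds):
    """Group observations by hostname and score each one."""
    by_host = defaultdict(list)
    for host, ip, ttl, t in observations:
        by_host[host].append((ip, ttl, t))
    return {host: score_domain(recs, **thresholds) for host, recs in by_host.items()}


if __name__ == "__main__":
    for host, score in score_all(OBSERVATIONS).items():
        verdict = "FAST-FLUX CANDIDATE" if score.fast_flux else "stable"
        print(f"{host:24s} ips={score.distinct_ips} /24s={score.distinct_prefixes} "
              f"ttl={score.median_ttl} churn={score.churn:.2f} -> {verdict}")
```

Treat a hit as a lead rather than a verdict: large CDNs and round-robin load balancers also answer with short TTLs and rotating addresses, which is why the prefix count is reported alongside the raw IP count and why the thresholds are left as parameters to tune against your own resolver logs.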

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, US edition
