Waledac botnet being prepared to send Independence Day-related spam
According to ESET senior researcher Pierre-Marc Bureau, at least 18 domain names all related to the theme of video, fireworks and Independence Day have been registered with the intention of sending spam via the botnet.
Bureau claimed that the spam will include links to supposed videos of Independence Day fireworks, which are, in reality, fresh copies of the Waledac malware family.
Bureau said: “We estimate the size of Waledac's botnet as tens of thousands of infected computers. We believe that more than twenty thousand compromised computers will be used to send the malicious emails, in an effort to increase the size of the botnet.
“This effort will allow the criminals to send out even more spam. Currently, detection of the new variants of Waledac is quite low, with only a handful of anti-virus products detecting the newest threat.”
ESET claimed that the Waledac family has been active since the end of 2008 and has been used to exploit events such as Christmas or Valentine's Day in order to spread in a way very similar to methods used by the infamous Storm Worm.
Bureau urged recipients of suspicious emails not to follow links even if they appear to come from someone they know. “As dangerous as fireworks can be, when used as directed, they are still safer than unsolicited emails,” said Bureau.
Meanwhile Symantec's Samir Patil claimed that there is a decided lack of spam related to the annual Independence Day holiday in the US this Saturday, due to the Michael Jackson story still dominating the headlines.
However, web users were still warned to be cautious despite a decided lack of effort on the spam side. Patil said: “The subject lines for these spam messages seem legitimate and are often the subject lines used in valid promotional emails. So, users need to take extra care while opening any email with this type of subject line/content.
“Because Independence Day is still a few days away, we expect that spammers might continue pushing such fake-but-catchy offers into users' inboxes.”