Waledac Botnet Keeps Bouncing Back

Wednesday, January 16, 2013 @ 05:01 PM gHale

Despite security companies and law enforcement hitting them hard a couple of times, the botmasters of the Waledac (Kelihos) botnet are using variants to set up new versions of the original botnet.

The number of computers infected with the W32.Waledac.D variant is on the rise again, and most of them are in the U.S., according to Symantec researchers and the company’s telemetry data.

This latest increase may be the result of the Virut botnet, which was apparently hired to distribute the Waledac botnet variant.

Waledac’s goal is to send out spam emails through servers from a list that it receives from the botnet’s C&C servers. According to the researchers’ estimates, that might currently mean anywhere between 1.2 billion and 3.6 billion spam emails per day.

The email subjects vary, but the links contained in them mostly lead to Canadian online pharmacies and counterfeit performance-enhancing drugs.

“The coexistence of Virut and Waledac on a single computer is a further example of malware groups using affiliate programs to spread their threats, and that threats can be linked and coexist on an already compromised computer,” the researchers said.
