The Waledac worm is gearing up for a spam campaign related to the July 4 holiday, a security researcher warned on Thursday.
Researchers analyzing the code of the worm, which has been deploying updates to previously compromised PCs, have discovered that at least 18 domain names have been registered related to fireworks and Independence Day that will be used to trick people into visiting a malicious Web site, said Pierre-Marc Bureau, a senior researcher at antivirus vendor ESET.
Starting any time now and lasting through the weekend, the spam e-mails will arrive in in-boxes with a message urging the recipient to watch a July 4 video. The e-mails are expected to include a link to a site with an executable that, instead of playing a video when double-clicked, will download malware that turns the visiting PC into another bot on the botnet, Bureau said.
The operators of Waledac are using holidays and other current events to lure new victims in order expand their botnet, and it's likely they are leasing out the botnet services to others, he said. Earlier this year, Waledac exploited Valentine's Day, spamming people with fake romantic greetings.
It is estimated that there are tens of thousands of computers infected with Waledac and that more than 20,000 will be used in the July 4 spam campaign, according to Bureau.
More information is on the ESET blog.