• On TechRepublic: Windows 7: Slower to boot than Vista?
advertisementGet Smart about Business Spending
July 2, 2009 10:49 AM PDT

Waledac worm targeting July 4 spam offensive

by Elinor Mills
  • Font size
  • Print
  • 10 comments

The Waledac worm is gearing up for a spam campaign related to the July 4 holiday, a security researcher warned on Thursday.

Researchers analyzing the code of the worm, which has been deploying updates to previously compromised PCs, have discovered that at least 18 domain names have been registered related to fireworks and Independence Day that will be used to trick people into visiting a malicious Web site, said Pierre-Marc Bureau, a senior researcher at antivirus vendor ESET.

Starting any time now and lasting through the weekend, the spam e-mails will arrive in in-boxes with a message urging the recipient to watch a July 4 video. The e-mails are expected to include a link to a site with an executable that, instead of playing a video when double-clicked, will download malware that turns the visiting PC into another bot on the botnet, Bureau said.

The operators of Waledac are using holidays and other current events to lure new victims in order expand their botnet, and it's likely they are leasing out the botnet services to others, he said. Earlier this year, Waledac exploited Valentine's Day, spamming people with fake romantic greetings.

It is estimated that there are tens of thousands of computers infected with Waledac and that more than 20,000 will be used in the July 4 spam campaign, according to Bureau.

More information is on the ESET blog.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Vulnerabilities & attacks

Tags:

Waledac,

worm,

July 4

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Security
Microsoft patching zero-day Windows 7 SMB hole
RSA reveals details behind re-shipping scam
Expert says Adobe Flash policy is risky
Apple updates Safari for security
Microsoft probing Windows 7 zero-day hole
Security considerations for virtual environments
Eastern Europeans charged in payment processor hack
A child porn-planting virus: Threat or bad defense?
Related
Jailbroken iPhone? SSH installed? Beware of worms!
Bank Trojan botnet targets Facebook users
Phishing, worms spike this year, say Microsoft and McAfee
Kaspersky tool detects malware in Twitter links
Week in review: Microsoft getting lucky with 7?
Rick Astley resurrected in iPhone worm
Spammy scams surfacing on Twitter, Facebook
BOL 1084: TI don't be a 8008
Add a Comment (Log in or register) (10 Comments)
  • prev
  • 1
  • next
by filipiak July 2, 2009 11:57 AM PDT
If this attack only affects Windows-based systems, why is a Macintosh used in the graphic?
Reply to this comment
by nickh2 July 2, 2009 12:51 PM PDT
"There are Mac botnets too troll."

There was ONE to date. In a manipulated, pirated copy of iWork. Folks who steal software get what they deserve.
And if correcting your endless stream of anti-Mac FUD makes me a troll, I'm fine with that.
by Vegaman_Dan July 2, 2009 12:54 PM PDT
@nickh2:

"There was ONE to date. "

There's several now, to be honest. Got to keep up to date on these things when your job is supporting Linux, Windows, and Mac OS X systems. And yes, nearly all these come from illegal sites or pirated software. It doesn't matter what OS you use when you go out on the internet without protection or common sense.
by NotForNuthin July 2, 2009 2:09 PM PDT
Because they are MUCH better looking...
by baconstang July 2, 2009 12:09 PM PDT
How do I protect my iMac from this attack? Oh, nevermind.....
Reply to this comment
by monkeyfun14 July 2, 2009 12:14 PM PDT
There are Mac botnets too troll.

Only been 30 minutes and the trolls are out in force.
by tm_anon July 5, 2009 9:01 PM PDT
@monkeyfun14

This is about Waledac, in case u didn't actually read the article. Waledac is a Windows based worm. It only effects Windows.

His comment, while seemingly inappropriate, actually made sense. His iMac can't be effected by this attack.
by lvcsslacker July 2, 2009 12:14 PM PDT
Common sense could have prevented this...
Reply to this comment
by baconstang July 2, 2009 12:26 PM PDT
The article wasn't clear about windows only at first glance. I guess there are Mac botnets... at least that's what dark side keeps telling us.
Reply to this comment
by tm_anon July 5, 2009 9:03 PM PDT
It's about Waledac. Waledac is Windows only and was mentioned in the article title as well as the body of the article.
(10 Comments)
  • prev
  • 1
  • next
advertisement

A CNET Conversation with Eric Schmidt

CNET's Tom Krazit and Molly Wood sit down with Google CEO Eric Schmidt to discuss the future of Android, the Chrome OS, the problem of real-time search indexing, and more.

Verizon tests sending RIAA copyright notices

The No. 2 phone company, known for its reluctance to intervene in antipiracy cases, strikes an agreement to forward copyright notices on behalf of the music industry.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET