Friday, February 4, 2011

Researchers pry open Waledac, find 500,000 email passwords

Researchers have taken a peek inside the recently refurbished Waledac
botnet, and what they've found isn't pretty.

Waledac, a successor to the once-formidable Storm botnet, has passwords
for almost 500,000 POP3 email accounts, allowing spam to be sent through
the corresponding SMTP servers, according to findings published on Tuesday
by security firm Lastline. By hijacking legitimate email servers, the
Waledac gang is able to evade the IP-based blacklisting techniques that
many spam filters use to weed out junk messages.

What's more, Waledac controllers are in possession of almost 124,000 FTP
credentials. The passwords let them run programs that automatically infect
the websites with scripts that redirect users to sites that install
malware and promote fake pharmaceuticals. Last month, the researchers
identified almost 9,500 webpages from 222 sites that carried poisoned
links injected by Waledac.

The discovery comes a month after a new malware-seeded spam run was
spotted, one that had all the hallmarks of the Storm botnet. Storm was all
the rage in 2007 and 2008, but the botnet then turned largely silent, most
likely as a result of the prolific amounts of spam it generated. Among the
sleeping giants stirred by that success was Microsoft, which last year
successfully sued to obtain 276 internet addresses used to control
Waledac.
