Feeds

Researchers pry open Waledac, find 500,000 email passwords

Son of Storm is back

Boost IT visibility and business value

Researchers have taken a peek inside the recently refurbished Waledac botnet, and what they've found isn't pretty.

Waledac, a successor to the once-formidable Storm botnet, has passwords for almost 500,000 Pop3 email accounts, allowing spam to be sent through SMTP servers, according to findings published on Tuesday by security firm Last Line. By hijacking legitimate email servers, the Waledac gang is able to evade IP-based blacklisting techniques that many spam filters use to weed out junk messages.

What's more, Waledac controllers are in possession of almost 124,000 FTP credentials. The passwords let them run programs that automatically infect the websites with scripts that redirect users to sites that install malware and promote fake pharmaceuticals. Last month, the researchers identified almost 9,500 webpages from 222 sites that carried poisoned links injected by Waledac.

The discovery comes a month after a new malware-seeded spam run was spotted. This had all the hallmarks of the storm botnet. Storm was all the rage in 2007 and 2008 but the botnet then turned largely silent, most likely as a result of the prolific amounts of spam it generated. Among the sleeping giants stirred by that success was Microsoft, which last year successfully sued to obtain 276 internet addresses used to control Waledac.

“The Waledac botnet remains just a shadow of its former self for now, but that's likely to change given the number of compromised accounts that the Waledac crew possesses,” the Last Line researchers wrote.

In addition to a generous helping of compromised credentials, Waledac also comes with a new command and control system that disseminates a list of router nodes to infected machines. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?