Digital Video Forums  

5 Jul 2009, 01:35 AM   #1
Just Trying To Help
soup
More malware news

Just received this from a friend, so I thought I would pass it along.

Fourth of July is a highly anticipated holiday, not only by U.S. citizens, but by the creators of the Waledac worm as well, who are anxious to profit from the massive public interest surrounding it. Security researchers warn that an Independence Day-themed Waledac spam campaign, looking to infect users through a fake fireworks show video, has already started and is expected to hit inboxes hard over the weekend.

Initial reports of an imminent Waledac campaign targeting the Fourth of July came in yesterday morning, when malware analysts tracking the worm noticed that some of its domains started to serve a YouTube-cloned page featuring a fake Independence Day video. A few hours later on Friday the first e-mails spreading these malicious URLs were caught in the spam traps of multiple security companies and organizations.

Waledac, also known as Iksmas, is the successor of the infamous Storm worm. Just like its late relative, it leverages major holidays or important events for its spam runs. One of its main purposes, aside from propagating itself, is to generate income for its creators by distributing rogue security applications (scareware).

One of the worm's signatures is the use of "fake video codec" scams in its campaigns, which is also the case with this latest one. The spam e-mails have subjects such as "Light up the sky," and contain a single line. One of the samples reads "American Independence Day," followed by a link to one of the many abusive domains.

Fake Waledac video sample
Clicking on the URL will open a page with what looks to be an embedded video but is actually just a linked image. "Colorful independence day took place throughout the country. This year July 4th firework's show were surprisingly amazing. […] If you want to see this fantastic show just click on the video below and press 'Run'," a message on the page reads.

Attempting to view the video will prompt the download of an executable file, which is actually the worm installer and has a very low AV detection rate for the time being. "The 'install.exe' which we downloaded actually had the SMTP engine built in, so we would say this [sending spam] is the primary purpose. The Waledac executable is also doing huge volumes of peer to peer traffic […]," notes Gary Warner, director of research in computer forensics at UAB.

In addition, the worm downloads and installs a rogue AV product called "System Security," which warns users of inexistent threats on their computer in order to scare them into acquiring a useless license. Users are advised to only watch videos of Independence Day events posted on trusted websites and delete unsolicited e-mails such as the ones described in this article. Antivirus vendors will surely release updates to detect this latest threat, so keeping AV definitions up to date is also a must.

All times are GMT +10.
