Waledac botnet wakes up after 7 days of sleep

Waledac appeared in a new version in the last days of 2010, sending out large volumes of New Year-related spam messages. It then stopped spamming on the evening of January 4th, according to Websense.

On Tuesday morning a new variant of Waledac was distributed to members of the botnet. Yesterday it started spamming again, but now it's back to sending pharmaceutical spam promoting "the magic blue pill", as we have seen previous versions of Waledac do.

As in previous spam campaigns, the spammers are using redirections via compromised legitimate sites.

When clicked, the link leads to your average Canadian pharmaceutical spam page.

The new spam campaign doesn't redirect to malicious content, just to spam content, but that could change at any point if the people behind Waledac decide to grow the botnet.

We have seen hundreds of different subjects being used in this campaign. Here are some examples:

Wonderful revealing effect on your libido.
I dream u to be vigorous, dive into u dream this too
The most excellent way to satisfy her
Your gf wants your organ to be the finest worker of the year!
Want to act like a xxxstar? Bang a blu-colored pill!
FDA-approved blue-blu-colored med to heal ED!
She needs YOU to grow your PENI!
Wish to surprise and gratify your lady tonight?
