After attempting to shock us with dire news of terrorist bombings, Waledac now attempts to entice us with offers of spying somebody else’s (notably a lover’s) SMS messages.
The links in the spammed messages shown above lead to a malicious website, which offers a 30-day trial for a SMS (Short Messaging Service) Spying software. The link “Download Free Trial” leads to the download of an .EXE file which installs a Waledac bot into the user’s system. So if you must ask, no, it is not legitimate SMS spy software.
While downloaded Waledac variants are found constantly changing from time to time, Trend Micro managed to extract several of these variants, and are now detected as the following:
More variants are expected to surface soon, as there are several domains hosting the malicious files. Users need not worry about this threat however, as the Smart Protection Network already blocks the domains from which the Waledac variants are hosted.
This current Waledac campaign, which is nastier than the recent Waledac spam runs (the online casino spam run being the latest) is actually ripping off the website of a software vendor that is indeed selling spy software for SMS.