    Using holidays and popular annual events as a social engineering tool in spamming is a signature Storm technique. The following spammed email message should then cement WALEDAC’s association with the said bot giant.

    Figure 1. Spammed Valentine’s greetings.

    These messages flood inboxes weeks before Valentine’s Day, which is also typical of previous Storm spam runs. Clicking on the link redirects a user to a site with heart images. When this page is clicked, the user is prompted to download a file, malicious of course, detected by Trend Micro as WORM_WALEDAC.AR.

    Figures 2 & 3. The link in the email leads to malware.

    WORM_WALEDAC.AR propagates by spamming email messages containing malicious links from which copies of the same worm are downloaded. Like other WALEDAC variants, it compromises the security of infected systems by opening random ports to listen for commands from a remote user.

    These other earlier threats by this same malware family exhibit routines and characteristics very similar to Storm:

    Besides the social engineering techniques used in email, the following are similar methods applied by this worm family:

    • Fast-flux networks and several different name servers used per domain
    • File names ecard.exe and postcard.exe
    • In some instances, the installation of rogue antispyware
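
A defensive triage sketch for the first two traits in the list above, added here as an example and not code from Trend Micro or the original post. It scores repeated DNS lookups for fast-flux behaviour and name-server spread, and checks links found in mail for the listed file names. The thresholds, record layout, function names and sample domains are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Thresholds are illustrative assumptions, not values from the article.
MIN_DISTINCT_IPS = 5     # many hosts rotating behind one name
MAX_TTL_SECONDS = 300    # short TTLs let the records rotate quickly
MIN_NAME_SERVERS = 3     # "several different name servers used per domain"
LURE_FILENAMES = {"ecard.exe", "postcard.exe"}  # file names listed in the article

# Constructed sample data: reserved .example names and documentation IP ranges.
SAMPLE_DNS = [
    {"domain": "greeting-cards.example", "ttl": 120,
     "a_records": ["192.0.2.10", "198.51.100.7", "203.0.113.5"],
     "name_servers": ["ns1.a.example", "ns2.b.example"]},
    {"domain": "greeting-cards.example", "ttl": 60,
     "a_records": ["192.0.2.44", "198.51.100.91", "203.0.113.77"],
     "name_servers": ["ns3.c.example", "ns4.d.example"]},
    {"domain": "intranet.example", "ttl": 3600, "a_records": ["192.0.2.200"],
     "name_servers": ["ns1.corp.example", "ns2.corp.example"]},
]
SAMPLE_URLS = ["http://greeting-cards.example/ecard.exe",
               "http://intranet.example/handbook.pdf"]

def summarize(dns_observations):
    """Merge repeated lookups of each domain into IP, NS and minimum-TTL sets."""
    stats = defaultdict(lambda: {"ips": set(), "ns": set(), "min_ttl": None})
    for obs in dns_observations:
        s = stats[obs["domain"].lower()]
        s["ips"].update(obs["a_records"])
        s["ns"].update(n.lower() for n in obs["name_servers"])
        s["min_ttl"] = obs["ttl"] if s["min_ttl"] is None else min(s["min_ttl"], obs["ttl"])
    return stats

def triage(dns_observations, mail_urls):
    """Return {domain: [reasons]} for domains matching the traits listed above."""
    findings = defaultdict(list)
    for domain, s in summarize(dns_observations).items():
        if len(s["ips"]) >= MIN_DISTINCT_IPS and s["min_ttl"] <= MAX_TTL_SECONDS:
            findings[domain].append("fast-flux pattern")
        if len(s["ns"]) >= MIN_NAME_SERVERS:
            findings[domain].append("many name servers")
    for url in mail_urls:
        parts = urlsplit(url)
        filename = parts.path.rsplit("/", 1)[-1].lower()
        if filename in LURE_FILENAMES and parts.hostname:
            findings[parts.hostname.lower()].append("lure file name: " + filename)
    return dict(findings)

if __name__ == "__main__":
    print(triage(SAMPLE_DNS, SAMPLE_URLS))
```

Legitimate content delivery networks also use short TTLs and many addresses, so a hit from this kind of heuristic is a lead for review, not a verdict.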

    The Trend Micro Smart Protection Network blocks the email messages spammed by this worm, and detects the worm itself so it can no longer run on systems. Users should be careful when clicking links in spammed messages and when downloading files from unknown websites.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice