Deviating from Conficker/Downad update and jigsaw puzzle menace, Waledac updated its spam emails and is now spamming online casino advertisements.
The spammed email contains a URL link to a Yahoo! Geocities web page which is shown in Figure 4, and when the link “Play now” is clicked, it shows a casino related image ad as shown in Figure 5.
There is no activity seen where Waledac is seeding URLs that links to a new Waledac binary for this specific spam run, but our radars are actively monitoring for this event. The following spam emails however, are now blocked by the Smart Protection Network.