Threat of the month: Waledac

Share this article:
Waledac worm

What is it?
The second generation of what was originally known as the Storm Worm, Waledac is a mass mailing virus that got its name from the original subject lines used in emails.

How does it work?
Waledac has generally followed many of the tactics of its predecessor, luring users to click on links to infected websites using social engineering lures focused on holiday themes, e-cards and breaking news stories. A recent variant has used the tough economy as a hook to trick users into visiting a spoofed coupon site infected with malware.

Should I be worried?
Yes, an attacker can infect PCs with malicious code that secretly sends out spam as part of the Waledac botnet.

How can I prevent it?
A combination of education and technology is key. First, it's important that users understand how these types of threats can manifest themselves so that they avoid malicious website links or attachments. Second, organizations should deploy defense-in-depth strategies that include technologies to keep malicious emails out of the inbox and also protects users in the event they inadvertently browse to a malware infected website.

Sam Masiello, VP of information security, MX Logic


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in Research

2014 audit and compliance ebook

2014 audit and compliance ebook

We explore the landscape today with which security teams must contend and compile a number of best practices and strategies you can apply to protect your company.

2014 eBook on Encryption

2014 eBook on Encryption

The experts we spoke to for this new ebook agree that when deciding what data must be encrypted, it's a question of classifying it by level of importance.

PCI 2014: From compliance to security

PCI 2014: From compliance to security

The consensus from our panel of experts is that PCI DSS should be just one item on a far broader effort to integrate data security into enterprise risk management.