Waledac might be out for revenge in latest spam run

Share this article:
The Waledac trojan, which has made its living off tricking people into visiting malware-serving or pharmaceutical-hawking websites, now just may be trying to get even.

Researchers at the volunteer intelligence organization Shadowserver Foundation said they have spotted a new Waledac spam campaign that appears to be touting the services of Blizzard Image Hosting, a seemingly legitimate company offering hosting services for photo portfolios and picture galleries.

The spam messages describe the company and include a link to its website. But a visit to the site didn't reveal any shady or malicious doings, Shadowserver's Steven Adair wrote in a blog post Wednesday.

"The information being spammed about Blizzard Image Hosting has not changed at all and has dominated large parts of the Waledac spam runs," he said. "Second, the website did not appear to be pushing pharmaceuticals, pornography or other cheap products for sale and did not attempt to fire exploits at our browser either."

If the Waledac creators were out just to tarnish Blizzard's reputation, they appear to have succeeded. The website could not be reached on Thursday.

"This account has been suspended," a message reads when visiting the URL. "Either the domain has been overused, or the reseller ran out of resources."

But Adair said the site's home page on Wednesday featured a message from the owner, who said he was aware of the culprit and was contacting federal authorities to investigate.

"My website is under DDoS attack," the owner said. "I, Blizzard Image Hosting, is (sic) not spamming you."

Adair said the group is trying to figure out why Waledac is using this company's name.

"We are curious as to why the people behind Waledac would choose to attack this website out of the blue," he said. "Could it be random? That is doubtful."
Share this article:

Sign up to our newsletters

More in News

Five schools earn NSA's excellence in cyber ops distinction

The schools earned NSA's Centers for Academic Excellence designation for their cyber offerings.

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target ...

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, ...

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.