Waledac might be out for revenge in latest spam run

The Waledac trojan, which has made its living off tricking people into visiting malware-serving or pharmaceutical-hawking websites, now just may be trying to get even.

Researchers at the volunteer intelligence organization Shadowserver Foundation said they have spotted a new Waledac spam campaign that appears to be touting the services of Blizzard Image Hosting, a seemingly legitimate company offering hosting services for photo portfolios and picture galleries.

The spam messages describe the company and include a link to its website. But a visit to the site didn't reveal any shady or malicious doings, Shadowserver's Steven Adair wrote in a blog post Wednesday.

"The information being spammed about Blizzard Image Hosting has not changed at all and has dominated large parts of the Waledac spam runs," he said. "Second, the website did not appear to be pushing pharmaceuticals, pornography or other cheap products for sale and did not attempt to fire exploits at our browser either."

If the Waledac creators were out just to tarnish Blizzard's reputation, they appear to have succeeded. The website could not be reached on Thursday.

"This account has been suspended," a message reads when visiting the URL. "Either the domain has been overused, or the reseller ran out of resources."

But Adair said the site's home page on Wednesday featured a message from the owner, who said he was aware of the culprit and was contacting federal authorities to investigate.

"My website is under DDoS attack," the owner said. "I, Blizzard Image Hosting, is (sic) not spamming you."

Adair said the group is trying to figure out why Waledac is using this company's name.

"We are curious as to why the people behind Waledac would choose to attack this website out of the blue," he said. "Could it be random? That is doubtful."