Waledac might be out for revenge in latest spam run

Share this article:
The Waledac trojan, which has made its living off tricking people into visiting malware-serving or pharmaceutical-hawking websites, now just may be trying to get even.

Researchers at the volunteer intelligence organization Shadowserver Foundation said they have spotted a new Waledac spam campaign that appears to be touting the services of Blizzard Image Hosting, a seemingly legitimate company offering hosting services for photo portfolios and picture galleries.

The spam messages describe the company and include a link to its website. But a visit to the site didn't reveal any shady or malicious doings, Shadowserver's Steven Adair wrote in a blog post Wednesday.

"The information being spammed about Blizzard Image Hosting has not changed at all and has dominated large parts of the Waledac spam runs," he said. "Second, the website did not appear to be pushing pharmaceuticals, pornography or other cheap products for sale and did not attempt to fire exploits at our browser either."

If the Waledac creators were out just to tarnish Blizzard's reputation, they appear to have succeeded. The website could not be reached on Thursday.

"This account has been suspended," a message reads when visiting the URL. "Either the domain has been overused, or the reseller ran out of resources."

But Adair said the site's home page on Wednesday featured a message from the owner, who said he was aware of the culprit and was contacting federal authorities to investigate.

"My website is under DDoS attack," the owner said. "I, Blizzard Image Hosting, is (sic) not spamming you."

Adair said the group is trying to figure out why Waledac is using this company's name.

"We are curious as to why the people behind Waledac would choose to attack this website out of the blue," he said. "Could it be random? That is doubtful."
Share this article:

Sign up to our newsletters

More in News

New backdoor 'Baccamun' spreads through ActiveX exploit

Symantec researchers revealed that the backdoor is dropped after attackers exploit a Windows ActiveX vulnerability.

Outdated browsers put U.K. users at risk of malware

A blog post on Check and Secure website said 70 percent of U.K. users haven't fully updated their internet browsers

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.