Waledac might be out for revenge in latest spam run

The Waledac trojan, which has made its living off tricking people into visiting malware-serving or pharmaceutical-hawking websites, now just may be trying to get even.

Researchers at the volunteer intelligence organization Shadowserver Foundation said they have spotted a new Waledac spam campaign that appears to be touting the services of Blizzard Image Hosting, a seemingly legitimate company offering hosting services for photo portfolios and picture galleries.

The spam messages describe the company and include a link to its website. But a visit to the site didn't reveal any shady or malicious doings, Shadowserver's Steven Adair wrote in a blog post Wednesday.

"The information being spammed about Blizzard Image Hosting has not changed at all and has dominated large parts of the Waledac spam runs," he said. "Second, the website did not appear to be pushing pharmaceuticals, pornography or other cheap products for sale and did not attempt to fire exploits at our browser either."

If the Waledac creators were out just to tarnish Blizzard's reputation, they appear to have succeeded. The website could not be reached on Thursday.

"This account has been suspended," a message reads when visiting the URL. "Either the domain has been overused, or the reseller ran out of resources."

But Adair said the site's home page on Wednesday featured a message from the owner, who said he was aware of the culprit and was contacting federal authorities to investigate.

"My website is under DDoS attack," the owner said. "I, Blizzard Image Hosting, is (sic) not spamming you."

Adair said the group is trying to figure out why Waledac is using this company's name.

"We are curious as to why the people behind Waledac would choose to attack this website out of the blue," he said. "Could it be random? That is doubtful."