Waledac might be out for revenge in latest spam run

Share this article:
The Waledac trojan, which has made its living off tricking people into visiting malware-serving or pharmaceutical-hawking websites, now just may be trying to get even.

Researchers at the volunteer intelligence organization Shadowserver Foundation said they have spotted a new Waledac spam campaign that appears to be touting the services of Blizzard Image Hosting, a seemingly legitimate company offering hosting services for photo portfolios and picture galleries.

The spam messages describe the company and include a link to its website. But a visit to the site didn't reveal any shady or malicious doings, Shadowserver's Steven Adair wrote in a blog post Wednesday.

"The information being spammed about Blizzard Image Hosting has not changed at all and has dominated large parts of the Waledac spam runs," he said. "Second, the website did not appear to be pushing pharmaceuticals, pornography or other cheap products for sale and did not attempt to fire exploits at our browser either."

If the Waledac creators were out just to tarnish Blizzard's reputation, they appear to have succeeded. The website could not be reached on Thursday.

"This account has been suspended," a message reads when visiting the URL. "Either the domain has been overused, or the reseller ran out of resources."

But Adair said the site's home page on Wednesday featured a message from the owner, who said he was aware of the culprit and was contacting federal authorities to investigate.

"My website is under DDoS attack," the owner said. "I, Blizzard Image Hosting, is (sic) not spamming you."

Adair said the group is trying to figure out why Waledac is using this company's name.

"We are curious as to why the people behind Waledac would choose to attack this website out of the blue," he said. "Could it be random? That is doubtful."
Share this article:

Sign up to our newsletters

More in News

Study shows how attackers make use of websites existing for less than 24 hours

Study shows how attackers make use of websites ...

Looking at the top 50 of parent domains that produced websites existing for less than 24 hours, researchers with Blue Coat Security Labs observed that 22 percent were malicious.

Phishing campaign lures victims with models' photos

Two nude models' photos reeled in unsuspecting victims who handed over their Facebook logins to gain access to adult material.

IBM projects 2014 bug disclosures may hit three-year low

IBM projects 2014 bug disclosures may hit three-year ...

The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.