Waledac: Reuters Video News Social Engineering

This attack is covered in detail over on the TrendLabs Malware Blog.

 

Coupons & Barack Obama in January, Valentines in February and now video news in March. Waledac has once again reinvented itself. The creators have moved on from their coupon-related campaign and are now using fake big news events with associated video content to fool the user into downloading “the latest Flash Player” to view it. “The latest Flash Player” is, of course, the newest variant of the Waledac worm.

This is what the spam message leads you to if you live in San Jose:

 

 

 

 

[Screenshot: waledac_reuters]

 

Don’t be fooled by the location, though. The site is running a couple of clever scripts: one detects the location of your IP address and varies the location of the disaster accordingly; the other varies the name of the downloaded file (news.exe, save.exe, run.exe, etc.). Trend Micro detects the malicious file as WORM_WALEDAC.NYS and blocks the malicious domains.
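Because the file name rotates, blocking a single name such as news.exe is not enough; a more robust signal in web proxy logs is one landing page handing out executables under several different names. The following is an added example, not part of the original post: the log format, the `.example` hostnames and the threshold of three names are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log: client, method, requested URL, referer.
SAMPLE_LOG = """\
10.0.0.5 GET http://video-news.example/index.html -
10.0.0.5 GET http://video-news.example/news.exe http://video-news.example/?story=1
10.0.0.9 GET http://video-news.example/save.exe http://video-news.example/?story=1
10.0.0.12 GET http://video-news.example/run.exe http://video-news.example/?story=1
10.0.0.7 GET http://vendor.example/dl/setup.exe http://vendor.example/download
10.0.0.8 GET http://vendor.example/dl/setup.exe http://vendor.example/download
"""

def exe_name(url):
    """Return the lower-cased file name if the URL path ends in .exe, else None."""
    name = urlsplit(url).path.rsplit("/", 1)[-1].lower()
    return name if name.endswith(".exe") else None

def find_rotating_downloads(log_text, min_names=3):
    """Map each landing page (referer host + path) to the executable names it
    served, keeping only pages that served at least min_names distinct names."""
    served = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _client, method, url, referer = parts
        name = exe_name(url)
        if method != "GET" or name is None:
            continue
        ref = urlsplit(referer)
        if ref.hostname is None:
            continue  # no usable referer, cannot attribute to a landing page
        # Ignore the query string so per-visitor parameters do not split the group.
        served[ref.hostname + (ref.path or "/")].add(name)
    return {page: sorted(names) for page, names in served.items()
            if len(names) >= min_names}

if __name__ == "__main__":
    for page, names in find_rotating_downloads(SAMPLE_LOG).items():
        print(f"{page} served {len(names)} differently named executables: {names}")
```

A legitimate download page normally serves a stable set of file names, so the threshold should be tuned against your own traffic before alerting on it.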

 

Further evidence, as if any were needed, that the botnet creators are still actively filling the void left behind by various events of last year, such as the dismantling of the Storm botnet and the takedown of McColo.
