Waledac: Reuters Video News Social Engineering

This attack is covered in detail over on the TrendLabs Malware Blog.


Coupons & Barack Obama in January, Valentines in February and now video news in March. Waledac has once again reinvented itself. The creators have moved on from their coupon-related campaign and are now using fake big news events with associated video content to fool the user into downloading “the latest Flash Player” to view it. “The latest Flash Player” is, of course, the newest variant of the Waledac worm.

This is what the spam message leads you to if you live in San Jose.







Don’t be fooled by the location, though: the site is running a couple of clever scripts. One detects the location of your IP address and varies the location of the disaster accordingly; the other varies the name of the downloaded file (news.exe, save.exe, run.exe, etc.). Trend Micro detects the malicious file as WORM_WALEDAC.NYS and blocks the malicious domains.
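Because the download name rotates, matching on a fixed file name is brittle. The following added example (not code from the original post or from Trend Micro) flags hosts in a proxy log that hand out executables under several names from their own landing page; the log format, the `.example` hosts and the function name `rotating_exe_hosts` are assumptions, and the sample lines are constructed.

```python
import csv
import io
import posixpath
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines (not from the original post).
# Assumed columns: time, client, url, referer
SAMPLE_LOG = """\
09:01:02,10.0.0.5,http://video-news.example/main.php,
09:01:09,10.0.0.5,http://video-news.example/news.exe,http://video-news.example/main.php
09:14:40,10.0.0.9,http://video-news.example/main.php,
09:14:51,10.0.0.9,http://video-news.example/save.exe,http://video-news.example/main.php
10:02:13,10.0.0.7,http://video-news.example/RUN.EXE,http://video-news.example/main.php
10:30:00,10.0.0.5,http://vendor.example/setup.exe,http://vendor.example/download.html
10:45:00,10.0.0.9,http://vendor.example/setup.exe,http://vendor.example/download.html
11:00:00,10.0.0.7,http://cdn.example/tool.exe,
"""


def rotating_exe_hosts(log_text, min_names=2):
    """Return {host: sorted .exe names} for hosts that served executables under
    at least min_names different names, each requested from a page on that host."""
    names = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _time, _client, url, referer = row
        target = urlsplit(url)
        filename = posixpath.basename(target.path).lower()
        if not filename.endswith(".exe"):
            continue
        # Assumption: the lure page and the download live on the same host.
        if not target.hostname or urlsplit(referer).hostname != target.hostname:
            continue
        names[target.hostname].add(filename)
    # A host that always serves one installer name (vendor.example) is not flagged.
    return {host: sorted(n) for host, n in names.items() if len(n) >= min_names}


if __name__ == "__main__":
    for host, files in rotating_exe_hosts(SAMPLE_LOG).items():
        print(host, files)
```

The threshold `min_names` trades noise against sensitivity; a hit is a lead for review, not a verdict.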


Further evidence, as if any were needed, that the botnet creators are still actively filling the void left behind by various events of last year, such as the dismantling of the Storm botnet and the takedown of McColo.
