Waledac Returns…and It’s Serving More Than Spam
WildFire has recently detected a new variant of the Waledac botnet, along with a few new modifications. As a reminder, Waledac was a fairly large spamming botnet that was taken down in 2010 when Microsoft was able to take ownership of the many domains used by the botnet.
On February 2nd, WildFire began seeing a new variant of Waledac showing up in customer networks, and this time it's doing more than just sending spam. The new version has upgraded its malicious abilities to include stealing passwords and authentication data. This includes the ability to sniff user credentials for FTP, POP3, and SMTP, and to steal .dat files for FTP and Bitcoin. All of this information is uploaded to the botnet, and of course would be very valuable for enabling further attacks.
WildFire was able to detect this new malware …