Skip to main content

Waledac botnet poised for comeback?

Image used with permission by copyright holder

About a year ago a federal judge granted a very unusual request by Microsoft to shut down almost 300 domains that were used as command-and-control centers for the Waledac botnet. The move was generally hailed as a success by the security community: it dealt Waledac a huge blow and the botnet all but dropped off the radar of most online threat analyses. However, now Waledac seems to be back—and this time it’s armed with a sizable cache of valid FTP and email credentials that enable it to alter Web pages to serve malware and send “high quality” spam under the names of legitimate ISP customers.

According to security vendor Last Line, Waledac has accumulated almost half a million valid login credentials for POP3 email accounts around the Internet, as well as more than 120,000 valid login credentials for FTP servers. The vast number of login credentials may be significant: Waledac’s controllers use the credentials to log into the servers and, where possible, alter the contents of existing Web pages to server malware, promote pharmaceuticals, or engage in other forms of online scams. The POP3 logins mean that Waledac-controlled computers can connect o ISPs as legitimate customers—and send email using their accounts. The ability to bypass authentication requirements for sending email could give spam from Waledac systems an edge in defeating blacklisting and techniques that validate senders—from the point of view of the receiving system.

“The Waledac botnet remains just a shadow of its former self for now, but that’s likely to change given the number of compromised accounts that the Waledac crew possesses,” Last Line wrote on its blog.

The security community noticed Waledac coming back to life at the end of 2010, but Last Line’s analysis is the first reported look at the resources available to Waledac’s operators.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
This critical exploit could let hackers bypass your Mac’s defenses
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

Read more
Is macOS more secure than Windows? This malware report has the answer
A person using a laptop with a set of code seen on the display.

It’s a long-held belief that Macs are less at risk of malware and viruses than Windows PCs, but how true is that? Well, a new report has shed some light on the situation -- and the results might surprise you.

According to threat research firm Elastic Security Labs, roughly 39% of all malware infections happen on Windows PCs. In good news for Apple fans, only 6% of breaches occurred on macOS, making Mac systems far less vulnerable than their Windows counterparts.

Read more
This Bing flaw let hackers change search results and steal your files
The new Bing preview screen appears on a Surface Laptop Studio.

A security researcher was recently able to change the top results in Microsoft’s Bing search engine and access any user’s private files, potentially putting millions of users at risk -- and all it took was logging into an unsecured web page.

The exploit was discovered by researcher Hillai Ben-Sasson at their team at Wiz, a cloud security firm. According to Ben-Sasson, it would not only allow an attacker to change Bing search results but would also grant them access to millions of users’ private files and data.

Read more