BreachExchange mailing list archives

Researchers pry open Waledac, find 500,000 email passwords


From: security curmudgeon <jericho () attrition org>
Date: Wed, 2 Feb 2011 05:39:48 -0600 (CST)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.theregister.co.uk/2011/02/02/waledac_account_compromise/

By Dan Goodin in San Francisco
The Register
2nd February 2011

Researchers have taken a peek inside the recently refurbished Waledac 
botnet, and what they've found isn't pretty.

Waledac, a successor to the once-formidable Storm botnet, has passwords 
for almost 500,000 POP3 email accounts, allowing spam to be sent through 
SMTP servers, according to findings published on Tuesday by security firm 
Last Line. By hijacking legitimate email servers, the Waledac gang is able 
to evade IP-based blacklisting techniques that many spam filters use to 
weed out junk messages.

What's more, Waledac controllers are in possession of almost 124,000 FTP 
credentials. The passwords let them run programs that automatically infect 
the websites with scripts that redirect users to sites that install 
malware and promote fake pharmaceuticals. Last month, the researchers 
identified almost 9,500 webpages from 222 sites that carried poisoned 
links injected by Waledac.

The discovery comes a month after a new malware-seeded spam run was 
spotted. This had all the hallmarks of the Storm botnet. Storm was all the 
rage in 2007 and 2008, but the botnet then turned largely silent, most 
likely as a result of the prolific amounts of spam it generated. Among the 
sleeping giants stirred by that success was Microsoft, which last year 
successfully sued to obtain 276 internet addresses used to control 
Waledac.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
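The article's central point is that stolen POP3/SMTP credentials let a botnet relay spam through a legitimate mail server, so the sending IP is the victim's own MX and IP-based blacklists never trigger. The mail server's own SASL authentication log is where that abuse is visible: a single account suddenly authenticating from many unrelated client IPs in a short window. The following detector is an added example written for this archive page, not code from Lastline, The Register, or the list; the log line format is a Postfix/smtpd-style line assumed for illustration, the log lines are constructed (TEST-NET addresses), and the year, window size and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Postfix smtpd log format (illustrative, not taken from the article):
#   Feb  2 05:01:10 mx1 postfix/smtpd[2201]: 3F2A1: client=unknown[203.0.113.5], \
#       sasl_method=LOGIN, sasl_username=alice@example.org
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: \w+: "
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\], sasl_method=\w+, "
    r"sasl_username=(?P<user>\S+)$"
)

# Constructed sample log: alice's credentials are being used as a spam relay
# from six different networks within ten minutes; bob and carol look normal.
SAMPLE_LOG = """\
Feb  2 05:00:00 mx1 postfix/smtpd[2201]: connect from unknown[203.0.113.5]
Feb  2 05:00:30 mx1 postfix/smtpd[2205]: 7C11D: client=unknown[192.0.2.55], sasl_method=PLAIN, sasl_username=carol@example.org
Feb  2 05:01:10 mx1 postfix/smtpd[2201]: 3F2A1: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.org
Feb  2 05:02:00 mx1 postfix/smtpd[2210]: 41B09: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.org
Feb  2 05:03:22 mx1 postfix/smtpd[2203]: 52E77: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice@example.org
Feb  2 05:04:05 mx1 postfix/smtpd[2207]: 6A0C3: client=unknown[203.0.113.77], sasl_method=LOGIN, sasl_username=alice@example.org
Feb  2 05:06:41 mx1 postfix/smtpd[2212]: 7D4B8: client=unknown[192.0.2.200], sasl_method=LOGIN, sasl_username=alice@example.org
Feb  2 05:08:19 mx1 postfix/smtpd[2201]: 8E9F2: client=unknown[198.51.100.130], sasl_method=LOGIN, sasl_username=alice@example.org
Feb  2 05:10:03 mx1 postfix/smtpd[2215]: 9B3A6: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=alice@example.org
Feb  2 05:20:12 mx1 postfix/smtpd[2209]: A1C4E: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=carol@example.org
Feb  2 05:30:15 mx1 postfix/smtpd[2210]: B2D5F: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.org
Feb  2 06:00:44 mx1 postfix/smtpd[2210]: C3E60: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=bob@example.org
""".splitlines()


def parse_line(line, year=2011):
    """Return (timestamp, username, client_ip) for a SASL auth line, else None.
    Syslog timestamps carry no year, so one is assumed (2011 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts_text = re.sub(r"\s+", " ", m.group("ts"))  # "Feb  2" -> "Feb 2"
    ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
    return ts, m.group("user"), m.group("ip")


def find_relay_abuse(lines, window=timedelta(minutes=15), max_ips=4):
    """Flag accounts that authenticate from more than max_ips distinct client
    IPs inside any sliding window. Returns {user: (ip_count, first_ts, last_ts)}
    for the earliest window in which the threshold is crossed."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, user, ip = parsed
            events[user].append((ts, ip))

    alerts = {}
    for user, evs in events.items():
        evs.sort()
        for i, (start_ts, _) in enumerate(evs):
            ips, end_ts = set(), start_ts
            for ts, ip in evs[i:]:
                if ts - start_ts > window:
                    break
                ips.add(ip)
                end_ts = ts
            if len(ips) > max_ips:
                alerts[user] = (len(ips), start_ts, end_ts)
                break  # report the first offending window per account
    return alerts


if __name__ == "__main__":
    for user, (n, first, last) in find_relay_abuse(SAMPLE_LOG).items():
        print(f"{user}: {n} distinct client IPs between {first} and {last}")
```

Run stand-alone it reports only alice: six distinct client IPs between 05:01:10 and 05:10:03. The threshold and window are deliberately coarse so that a user moving between home, office and a phone network (carol) is not flagged; in production the same loop would also count messages accepted per authenticated session, since a relayed spam run shows up as volume as well as IP spread.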



Current thread: