MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely tied to the field of intelligence.

11.2.09

Social Engineering and Waledac Valentine

For current malware, every event, news story or special occasion is exploited as a pretext for deception in order to spread itself or other malicious code; spam, though not the only one, is the attack vector most often used for this purpose.

Our mailboxes are concrete examples of this situation. Valentine's Day is one such occasion, and if we look through a little of the spam that floods our inboxes, we will notice that much of it refers to the upcoming holiday.


In fact, Waledac began its campaign well in advance, spreading via a typical deceptive image alluding to lovers, from which a binary called love.exe is downloaded. Far from being loving, it infects the computer and turns it into a zombie.


As an extra component, in the previous campaign the malicious page not only served the malware download but also contained an exploit. Among the domains used were:

googol-analisys. com

seocom. name

seocom. mobi

seofon. net

goog-analysis. com


Recently, however, its developers have switched to a new image that seeks the same degree of "tenderness" and likewise downloads Waledac.

Some of the names used for the binary are:

lovekit.exe

mylove.exe

loveprogramm.exe

love.exe

loveexe.exe

barack.exe

postcard.exe

devkit.exe

RunMe.exe

you.exe

onlyyou.exe

youandme.exe

card.exe

ecard.exe

val.exe

install.exe

Waledac uses Fast-Flux networks, and some of the domains used to propagate it are:


adorelyric. com

adorepoem. com

adoresongs. com

alldatanow. com

alldataworld. com

bestadore. com

bestlovehelp. com

bestlovelong. com

cantlosedata. com

chatloveonline. com

cherishletter. com

cherishpoems. com

freedoconline. com

funloveonline. com

goodnewsdigital. com

losenowfast. com

lovecentralonline. com

lovelifeportal. com

mingwater. com

orldlovelife. com

romanticsloving. com

superobamaonline. com

theworldpool. com

topwale. com

wagerpond. com

whocherish. com

worldlovelife. com

worldtracknews. com

worshiplove. com

youradore. com

yourdatabank. com

yourgreatlove. com

yourteamdoc. com

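A domain list like the one above is only useful until the next batch is registered, so what a defender really wants is a way to recognise the Fast-Flux behaviour itself: very short TTLs, answers that rotate through a large pool of addresses, and addresses scattered across many unrelated networks (compromised home machines rather than one hosting provider). The following is an added example, not code from the original post or from any Waledac analysis, that scores a series of A-record answers for these traits. The domain names, TTLs and IP addresses in it are constructed for illustration and are not observed Waledac infrastructure; the thresholds are assumptions chosen for the example.

```python
# Added example: heuristic fast-flux triage over repeated DNS lookups.
# The snapshots below are constructed sample data, not real observations.
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, FrozenSet, List, Sequence, Set


@dataclass(frozen=True)
class Snapshot:
    """One answer to an A-record query: its TTL and the set of IPs returned."""
    ttl: int
    ips: FrozenSet[str]


def snap(ttl: int, *ips: str) -> Snapshot:
    return Snapshot(ttl, frozenset(ips))


def distinct_ips(snapshots: Sequence[Snapshot]) -> Set[str]:
    """Every address seen across all answers for the domain."""
    return set().union(*(s.ips for s in snapshots))


def distinct_prefixes(ips: Set[str], prefixlen: int = 16) -> Set[str]:
    """Collapse addresses to /prefixlen networks. A pool spread over many
    prefixes points at infected hosts on many ISPs, not one data centre."""
    return {str(ip_network(f"{ip}/{prefixlen}", strict=False)) for ip in ips}


def churn(snapshots: Sequence[Snapshot]) -> float:
    """Mean Jaccard distance between consecutive answers (0.0 = never changes)."""
    if len(snapshots) < 2:
        return 0.0
    distances: List[float] = []
    for a, b in zip(snapshots, snapshots[1:]):
        union = a.ips | b.ips
        distances.append((1 - len(a.ips & b.ips) / len(union)) if union else 0.0)
    return sum(distances) / len(distances)


def assess(snapshots: Sequence[Snapshot], max_ttl: int = 300, min_ips: int = 8,
           min_prefixes: int = 3, min_churn: float = 0.3) -> Dict:
    """Flag a domain as likely fast-flux only when all four traits are present.
    Thresholds are assumptions for this example; tune them to your own data."""
    ips = distinct_ips(snapshots)
    prefixes = distinct_prefixes(ips)
    min_ttl = min(s.ttl for s in snapshots)
    c = churn(snapshots)
    reasons = []
    if min_ttl <= max_ttl:
        reasons.append(f"ttl {min_ttl}s <= {max_ttl}s")
    if len(ips) >= min_ips:
        reasons.append(f"{len(ips)} distinct IPs >= {min_ips}")
    if len(prefixes) >= min_prefixes:
        reasons.append(f"{len(prefixes)} distinct /16 prefixes >= {min_prefixes}")
    if c >= min_churn:
        reasons.append(f"answer churn {c:.2f} >= {min_churn}")
    return {
        "min_ttl": min_ttl,
        "distinct_ips": len(ips),
        "distinct_prefixes": len(prefixes),
        "churn": round(c, 3),
        "fast_flux": len(reasons) == 4,
        "reasons": reasons,
    }


# Constructed data: five successive lookups of a hypothetical fluxing domain
# (TTL 60s, four A records, pool rotating across unrelated /16s) ...
FLUXING = [
    snap(60, "10.12.4.7", "10.87.21.3", "10.201.9.55", "10.44.130.2"),
    snap(60, "10.87.21.3", "10.150.3.9", "10.44.130.2", "10.7.77.19"),
    snap(60, "10.150.3.9", "10.7.77.19", "10.233.5.41", "10.12.4.7"),
    snap(60, "10.233.5.41", "10.60.8.8", "10.99.1.120", "10.201.9.55"),
    snap(60, "10.60.8.8", "10.99.1.120", "10.18.240.6", "10.150.3.9"),
]
# ... and of a hypothetical ordinary site (one-day TTL, two stable addresses).
STATIC = [snap(86400, "192.0.2.10", "192.0.2.11") for _ in range(5)]

if __name__ == "__main__":
    for name, series in (("fluxing.example", FLUXING), ("static.example", STATIC)):
        print(name, assess(series))
```

In practice the snapshots come from querying the same name repeatedly over an hour or a day (any resolver library will do; the example keeps the answers inline so it runs offline). Treat the result as a triage signal, not a verdict: content delivery networks and round-robin load balancers also return short TTLs and many addresses, so a real pipeline would add ASN and registration-age checks before blocking anything.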

Many compare it to other malicious code such as Nuwar (also known as Storm or the Storm worm) because of the similarity of their propagation strategies and of the malicious activities they carry out on the infected computer. Whatever the comparison, the reality is that Waledac is a dangerous piece of malicious code that has built one of the largest botnets of the moment.

Related information
Understanding Fast-Flux networks
Danmec Bot, Fast-Flux networks and recruitment of...

Jorge Mieres
