Is Waledac spam dirtying the Russian 2012 elections?

Recently there have been several reports about the re-emergence of a botnet variant (Kelihos), which Symantec detects as W32.Waledac.C. The Waledac family is a threat that Symantec has monitored for many years and that has been featured in numerous blogs as well as a white paper. In the past, Waledac gained its infamy as a spamming botnet that used compromised systems to send out spam. The purpose of these spam campaigns was usually self-propagation: the emails contained a link, often (but not always) pointing to a Waledac binary file hosted on a malicious website. The variant W32.Waledac.C also sends out spam emails, but with a twist.
In one spam campaign, we observed it sending the email seen below only to Russian email addresses.

Email translation (rough):
This year Rospres celebrates another birthday – we are now 5 years old.
All these years we were trying our best to bring to you the latest available information in its full integrity. In the nearest future we intend to work even harder for our readers, so they come back to our web portal again and again. We will be very happy to work for all visitors to http://www.rospres.com/ !
With best wishes, Ruspres.
The Rospres.com link seen in the spam email leads to a slanderous (continue reading…)

Article source: http://feedproxy.google.com/~r/TheSecurityBlog/~3/yL6Lv9-G4YQ/
