New Waledac variant unleashed, spoofing coupons
Friday, February 27, 2009
After spending most of its time targeting spam email during specific holidays, it appears the Waledac botnet has unleashed a new variant spoofing a legitimate coupon website and hiding its tracks using IP address geolocation.
News of variant came late on Thursday with security officials saying Waledac was producing a malicious copy of the site that sells The Couponizer, an organizational product that assists consumers to store coupons, SCMagazineus.com reports. The botnet further legitimized its phishing attack by offering coupons on the fake site for stores, restaurants and companies near where the user lives.
This was done through a new social engineering feature previously not seen in other Waledac variants called IP address geolocation, which allowed the cybercriminal to determine a user's location based on his or her IP address, security officials told the news provider. The IP address is queried against a database for the location with the results incorporated into the webpage.
Waledac, which is widely considered an evolved version of the Storm botnet, had mainly focused on holiday-centered attacks prior to this by releasing spam emails with malicious links on Valentine's day and near the Christmas and Chanukah holiday.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
