Posted by: Barracuda Labs
After months of inactivity, Waledac has begun a new propagation email campaign. Messages in this run all relate to the July 4th holiday; an example is shown below.
From: Elmer Curry < tonya.galati@nextiraone.fr >
Date: Sat, 4 Jul 2009 04:37:49
Subject: Happy Birthday, America!
To: < redacted >@orange.fr

Well done 4th! hxxp://axkgi.fireworksnetwork.com/
As in Storm’s 2008 July 4th email campaign, clicking the link above takes the user to a fake YouTube page claiming to offer a video of an expensive fireworks display.
The “video” is actually Waledac malware, which will infect the user’s system if they attempt to “view” it. AV detections for these instances are poor.
Users of the PWSS are protected from this campaign.
