Saturday, February 14, 2009

Waledac more loving than ever

As I said in previous post, Waledac is a worm whose main objective is to recruit zombie PCs and use the full potential distributed more malicious code to propagate and disseminate more unwanted email.

For about a month, this worm started spreading their campaign of using as an excuse, and ahead, the day of love that is celebrated today, February 14, worldwide.

Now, it seems to have saved their entire battery of visual strategies of social engineering to this day, renewing its entire repertoire displaying the following images:


** More pictures

It has also changed the name of the binaries:

reader.exe MD5: A9286212E0D7B46841C860FD3F058DFA
valentine_card.exe
loveu.exe
start.exe
val.exe
programm.exe
luv.exe
luvu.exe
patch.exe MD5: 1C5E4A7FCBE766133F743C9A0150373D
loveexe.exe MD5: 5C17F98919D2C84C3FD1908630396BB7
mylove.exe
cardviewer.exe MD5: E2F9C7A76581047D493FDE2C4A02737A

As seen through the reporting of VT, Waledac currently has a low level of detection by the antivirus signatures, ie, hasn't only changed the repertoire of images but also the code of the binaries, even more dangerous.


# Jorge Mieres

No comments: