Monday, 19 January 2009
Inauguration Themed Waledac - New Tactics & New Domains
We are just a day away from the Inauguration of Barack Obama and the Waledac trojan has been in full swing attempting to take advantage of the event. Since late last week the trojan has been blasting its way across the Internet with e-mails attempting to bring unwitting users to a page that looks a lot like the official Barack Obama website. The page is updated each day to appear to have a new blog entry. For example, today's entry is one that says "Barack Obama has refused to be president".
We have also noticed a few changes in the activity.
It appears the group registered several more domains to be used on January 15, 2009. We have been able to identify 15 new domains associated with the trojan. Note that several of them also have "wale" in the domain. It would appear they have a sense of humor. As always, do NOT visit these domains, as they are malicious and hosting exploit code.
New Waledac Domains:
Update: A few hours after our post we learned of several new Waledac domains that were registered and went live today. These domains are as follows:
New Related Exploit Domain:
Full Domain Listing
Click here for a full listing of Waledac domains that we are aware of -- this link will be updated as we get them.
Your best bet is to block these domains or otherwise avoid them.
=>Posted January 19, 2009, at 01:33 PM by Steven Adair