Monday, 2 March 2009

Waledac Coupon Campaign & Updated Domain List


We have been slacking some on updating the Waledac domain list, but managed to make some updates yesterday. The domains are kept updated at the following URL:

We have also introduced a new URL which is all of the Waledac domains in alphabetical order with no comments or anything else. It currently has 143 domains on it and can be reached via the following URL:

These should both be updated at the same time from now on as we add new ones to the list. Please use the domains as you see fit for detecting malicious activity and proactive blocking. The following 39 domains have recently been added to the list:


New Theme & Exploits


In the last week or so, you may also have noticed that Waledac moved to a new theme built around the economic crisis and downloadable coupons. This is just the latest social engineering lure used to get users to install the trojan on their systems.

Additionally, for some time now, Waledac has been linking to exploit code that it hosts itself. Lately the domain involved frequently seems to be "chatloveonline.com", with an iframe pointing to it and the URL "/tds/Sah7". So be on the lookout, and don't visit Waledac domains, to avoid the exploits.

=>Posted March 02, 2009, at 12:20 PM by Steven Adair
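
One way to put the plain domain list to work for detection, as an added example that is not part of the original post: match the hostnames in proxy logs against the list, counting subdomains as hits but not lookalike names. The log format, the `#` comment syntax, the sample log lines and the function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed excerpt in the plain-list format; '#' comments are an assumption.
# chatloveonline.com is the exploit host named in the post, added by hand.
SAMPLE_LIST = """\
# waledac domains
bestcouponfree.com
greatcouponclub.com
chatloveonline.com
"""

# Constructed proxy log lines: "<timestamp> <client-ip> <url>"
SAMPLE_LOG = [
    "2009-03-02T12:01:07 10.0.0.15 http://www.bestcouponfree.com/",
    "2009-03-02T12:01:09 10.0.0.15 http://chatloveonline.com/tds/Sah7",
    "2009-03-02T12:02:30 10.0.0.22 http://notbestcouponfree.com/index.html",
    "2009-03-02T12:03:11 10.0.0.31 http://example.org/coupons",
    "2009-03-02T12:04:00 10.0.0.40 http://GreatCouponClub.com.:80/sale.php",
]

def load_domains(text):
    """Parse the list: drop comments and blanks, normalise case and trailing dot."""
    entries = (line.split("#", 1)[0].strip().lower().rstrip(".")
               for line in text.splitlines())
    return {e for e in entries if e}

def match_domain(host, blocklist):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole labels only, so a lookalike suffix does not match.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def scan_proxy_log(lines, blocklist):
    """Return (client_ip, listed_domain, url) for each request to a listed domain."""
    hits = []
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # malformed line
        _, client, url = parts
        host = urlsplit(url.strip()).hostname  # None if the URL has no netloc
        listed = match_domain(host, blocklist) if host else None
        if listed:
            hits.append((client, listed, url.strip()))
    return hits
```

Calling `scan_proxy_log(SAMPLE_LOG, load_domains(SAMPLE_LIST))` returns one tuple per request to a listed domain, which gives the client addresses to follow up on.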