
Saturday, 4 July 2009

Independence Day - Waledac July 4th Update - New Domains Added


Happy Independence Day to those of you that are here in the United States of America. Just wanted to put out a quick update on Waledac. We have been keeping an eye on it for a bit and it's been actively spamming and updating clients to Fake Antivirus products for the last few months. However, we also saw it start spamming itself out again starting yesterday. Actually saw a quick first post of the from sudosecure.net:

No real need to have tons of duplicate write-ups and screen shots. You can get the same basic information from the site. It's the standard spam to a link involving a fake YouTube video that wants you to download an executable.

The following are the most recent Waledac domains:


Additionally the domain "miosmschat.com" has been receiving similar updates from Waledac. However, this domain has been around for a while and has been used to grab updates from Waledac infected clients.

We have updated our Waledac domain lists that you can use to block/track Waledac domains. The first URL is to the list that is updated with timestamps, ugly comments, and newest domains at the bottom:

We also have the all-time Waledac domain list that contains just the domain listing since the start. It currently has 244 domains on it and can be reached via the following URL:

These are domains you definitely want to avoid visiting and consider blocking where possible.
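An added example, not Shadowserver's code: one way to use a commented domain list like the one described above for tracking, by parsing it and matching DNS query logs against it on label boundaries so that subdomains hit and look-alike names do not. The list layout (`#` comments, one domain per line), the log format, and the `.example` entries are constructed assumptions.

```python
import re

# Constructed sample list; '#' comments and one domain per line are assumed.
SAMPLE_LIST = """\
# 2009-07-03 12:00 UTC - constructed entries for illustration
Fireworks-Sample.example
video-sample.example   # inline comment
# 2009-07-04 08:00 UTC
miosmschat.com
video-sample.example
not a domain
"""

# Constructed DNS query log lines: "<timestamp> <client-ip> <qname>"
SAMPLE_QUERIES = """\
2009-07-04T08:20:01Z 10.0.0.15 www.fireworks-sample.example.
2009-07-04T08:20:05Z 10.0.0.22 intranet.corp.example
2009-07-04T08:21:40Z 10.0.0.15 miosmschat.com
2009-07-04T08:22:10Z 10.0.0.31 notvideo-sample.example
"""

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_DOMAIN = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")

def parse_blocklist(text):
    """Return domains in file order, lowercased, de-duplicated, comments stripped."""
    seen, out = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if entry and _DOMAIN.match(entry) and entry not in seen:
            seen.add(entry)
            out.append(entry)
    return out

def is_blocked(qname, blocked):
    """True if qname equals a listed domain or is a subdomain of one."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels) - 1))

def flag_queries(log_text, blocked):
    """Return (client, qname) pairs from the log that hit the blocklist."""
    blocked = set(blocked)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and is_blocked(parts[2], blocked):
            hits.append((parts[1], parts[2]))
    return hits

print(flag_queries(SAMPLE_QUERIES, parse_blocklist(SAMPLE_LIST)))
```

A client that appears in the hits is a candidate for infection triage, not just a blocked request.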

=>Posted July 04, 2009, at 08:13 AM by Steven Adair