Saturday, 4 July 2009
Independence Day - Waledac July 4th Update - New Domains Added
Happy Independence Day to those of you that are here in the United States of America. Just wanted to put out a quick update on Waledac. We have been keeping an eye on it for a bit and it's been actively spamming and updating clients to Fake Antivirus products for the last few months. However, we also saw it start spamming itself out again starting yesterday. Actually saw a quick first post of the from sudosecure.net:
No real need to have tons of duplicate write-ups and screen shots. You can get the same basic information from the site. It's the standard spam to a link involving a fake YouTube video that wants you to download an executable.
The following are the most recent Waledac domains:
Additionally the domain "miosmschat.com" has been receiving similar updates from Waledac. However, this domain has been around for a while and has been used to grab updates from Waledac infected clients.
We have updated our Waledac domain lists that you can use to block/track Waledac domains. The first URL is to the list that is updated with timestamps, ugly comments, and newest domains at the bottom:
We also have the all-time Waledac domain list that contains just the domain listing since the start. It currently has 244 domains on it and can be reached via the following URL:
These are domains you definitely want to avoid visiting and consider blocking where possible.
=>Posted July 04, 2009, at 08:13 AM by Steven Adair
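An added example, not part of the original post or of Shadowserver's tooling: one way to use a domain list like this for tracking is to match resolver query logs against it on label boundaries, so subdomains of a listed domain are caught and look-alike names are not. The list layout (`#` comments), the log format, and every name except miosmschat.com are assumptions constructed for illustration.

```python
import re

# Constructed blocklist; the '#' comment layout is an assumption, not the
# real format of the published list. Only miosmschat.com is from the post.
SAMPLE_LIST = """\
# 2009-07-04 08:00 new batch (constructed comment)
miosmschat.com
Blocked-Example.test   # constructed placeholder domain

another-placeholder.example.
"""
# Constructed resolver log lines: "<timestamp> <client-ip> <queried-name>".
SAMPLE_LOG = """\
2009-07-04T08:15:02 10.0.0.21 www.miosmschat.com
2009-07-04T08:15:09 10.0.0.22 notmiosmschat.com
2009-07-04T08:16:40 10.0.0.21 BLOCKED-EXAMPLE.TEST.
2009-07-04T08:17:01 10.0.0.30 example.org
"""
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")

def load_blocklist(text):
    """Return the set of valid domains, skipping comments and blank lines."""
    domains = set()
    for line in text.splitlines():
        entry = normalize(line.split("#", 1)[0])
        if entry and all(LABEL.match(p) for p in entry.split(".")):
            domains.add(entry)
    return domains

def matched_domain(qname, blocklist):
    """Return the listed domain that qname equals or sits under, else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):  # compare on label boundaries only
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def scan_log(log_text, blocklist):
    """Return (timestamp, client, qname, listed_domain) for each hit."""
    hits = []
    for fields in (line.split() for line in log_text.splitlines()):
        hit = matched_domain(fields[2], blocklist) if len(fields) == 3 else None
        if hit:
            hits.append((*fields, hit))
    return hits
```

Calling `scan_log(SAMPLE_LOG, load_blocklist(SAMPLE_LIST))` returns the two queries that fall under listed domains, each tagged with the client address that made it.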