After monitoring the Waledac "infection domains" for more than a month, our last "interesting" event was the change in Look & Feel to the SMS Spy Program which we wrote about back on April 15th. In that blog article we mentioned that basically ALL of the domains used by Waledac, through the Valentine's Day campaign, the Couponizer campaign, the Terror Alert campaign, and the SMS Spy campaign, were all still alive!
Here's the newest change. ALL of the Waledac infection domains have now morphed into pill sites, and MANY of the older Waledac domains have finally been terminated.
Here's where stand with live FORMER Waledac domains. Many domains from the "Terror Alert" and "SMS Spy" alert are now forwarding on a random basis to domains which are either hosting Canadian Pharmacy or Canadian Health & Care Mall.
Of the Waledac domains that we were tracking, the following are now live forwarding domains:
"Canadian Health & Care mall" at arzuhuxupi.com
"Canadian Health & Care Mall" at rahtydryo.com
"Canadian Health & Care mall" at vennocvajgo.com
"Canadian Pharmacy" at earpassionate.com
"Canadian Pharmacy" at transformationforgiving.com
"Canadian Pharmacy" at giftedaglow.com
"Canadian Pharmacy" at strivingalive.com
The following Waledac domains now appear to be terminated: