Wednesday, April 15, 2009

Waledac shifts to SMS Spy program

We've known that Waledac spreads itself via Social Engineering - convincing users that they WANT to download a program. Recently we've seen Waledac acting as a Valentine's Day E-Card, a Couponizer program, and a Fake News Story about a Dirty Bomb.

Today the UAB Spam Data Mine began to get spam messages for a new Social Engineering trick. Here are some of the email subjects we're seeing:

Read his SMS
The world's most advanced sms reading program
Now, It's possible to read other people's SMS
Read other people's SMS online
You can read anyone's SMS

The email bodies link to the websites with teaser lines like these:

Do you trust her?
You can read anyone's SMS
Do you really trust her?
Do you really trust him?
Are you ready to know the truth?
Are you sure you want to know?

The webpage you visit looks like this:

The malware downloaded from the page is detected by 13 of the 39 anti-virus products tested, according to this VirusTotal report.

File size: 419840 bytes
MD5...: 8623f18666be9d480710b29eab3b796a
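The subject lines, body teasers and sample hash above are exactly the kind of indicators a mail-gateway or incident responder would want to match on. Here is an added triage script (not part of the original post, and not UAB's code) that parses raw messages with Python's standard email module, flags the Waledac "SMS spy" lure phrases, pulls out the domains the body links to, and MD5-hashes any attachment against the sample's hash. The messages and the sms-spy-example.invalid domain are constructed for the example; only the phrase lists and the MD5 come from the post.

```python
"""Triage mail for the Waledac "SMS spy" lure.

Added example, not code from the original post. The sample messages below
are constructed; the lure phrases and the known-bad MD5 are quoted from the
post, everything else is an assumption for illustration.
"""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Subject lines and body teasers quoted in the post, lower-cased for matching.
LURE_SUBJECTS = {
    "read his sms",
    "the world's most advanced sms reading program",
    "now, it's possible to read other people's sms",
    "read other people's sms online",
    "you can read anyone's sms",
}
LURE_BODY_PHRASES = (
    "do you trust her?",
    "you can read anyone's sms",
    "do you really trust her?",
    "do you really trust him?",
    "are you ready to know the truth?",
    "are you sure you want to know?",
)
# MD5 of the downloaded sample, from the post's VirusTotal report.
KNOWN_BAD_MD5 = {"8623f18666be9d480710b29eab3b796a"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def normalize(text):
    """Lower-case and collapse whitespace so multi-line bodies still match."""
    return " ".join(text.lower().split())


def is_known_bad(data):
    """True if the MD5 of the given bytes is in the known-bad set."""
    return hashlib.md5(data).hexdigest() in KNOWN_BAD_MD5


def triage_message(raw):
    """Parse one RFC 822 message and report lure hits, linked domains and attachment hashes."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = normalize(msg.get("Subject", ""))
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body_text = body_part.get_content() if body_part else ""
    body = normalize(body_text)

    hits = []
    if subject in LURE_SUBJECTS:
        hits.append("subject:" + subject)
    for phrase in LURE_BODY_PHRASES:
        if phrase in body:
            hits.append("body:" + phrase)

    # Domains the body points the victim at; these are the shutdown targets.
    domains = sorted({urlparse(u).hostname.lower()
                      for u in URL_RE.findall(body_text) if urlparse(u).hostname})

    attachments, bad_attachments = [], []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.md5(payload).hexdigest()
        attachments.append((part.get_filename(), digest))
        if digest in KNOWN_BAD_MD5:
            bad_attachments.append((part.get_filename(), digest))

    return {
        "lure_hits": hits,
        "domains": domains,
        "attachments": attachments,
        "bad_attachments": bad_attachments,
        # A lure phrase plus a link is the spam pattern the post describes.
        "suspicious": bool(hits and domains) or bool(bad_attachments),
    }


# Constructed sample: one message in the style the post describes.
SAMPLE_SPAM = """From: sender@example.invalid
To: victim@example.invalid
Subject: Read other people's SMS online
Content-Type: text/plain; charset=us-ascii

Do you really trust him?
Are you ready to know the truth?
http://sms-spy-example.invalid/download.php
"""

# Constructed sample: ordinary mail that also carries a link.
SAMPLE_BENIGN = """From: a@example.invalid
To: b@example.invalid
Subject: Lunch tomorrow?
Content-Type: text/plain; charset=us-ascii

Are you free at noon? http://menu.example.invalid/today
"""


def build_sample_with_attachment():
    """Constructed multipart sample with a placeholder (not malicious) attachment."""
    msg = EmailMessage()
    msg["Subject"] = "You can read anyone's SMS"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg.set_content("Do you trust her? http://sms-spy-example.invalid/get")
    msg.add_attachment(b"MZ constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="smsreader.exe")
    return msg.as_string()


if __name__ == "__main__":
    for raw in (SAMPLE_SPAM, SAMPLE_BENIGN, build_sample_with_attachment()):
        print(triage_message(raw))
```

The phrase lists are deliberately exact-match on the subject and substring on the body, since the post shows the subjects as fixed strings while the teasers appear inside longer bodies; a production filter would also add the live domain list the post refers to, and would hash attachments with something stronger than MD5 alongside it so the indicator survives collision tricks.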

The root problem with Waledac's long-lived domains is that they use a Chinese domain name registrar who won't cooperate with anyone on shutdowns. We have sent shutdown requests to their abuse contact, in both English and Chinese, and have received no cooperation whatsoever. If you have good contact information for "", we really could use an introduction, thank you! No one answers their "" email address, but perhaps a Chinese speaker might call them at +86.5922669769?

The complete list of NEW domain names created for this round of Waledac is:

But a great number of the previous domains are also still live, and still serving Waledac, including:

If you have a contact at, these ALL need to be killed, thank you! They are all now distributing the new "SMS Spy" version of Waledac.

1 comment:

  1. Thanks for the info. What are your thoughts about parents monitoring their child's smartphone? As for me, I believe at least I have some security app installed on my teens' phone because it is also my responsibility to keep them safe from online sex predators and even sexting. My kids are using Apple so I'm using iPhone espionage Gadget for their safety.


Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.