In 2010 Microsoft was able to terminate the activity of the Waledac botnet, which at the time was famous for being a large source of spam. However, Palo Alto Networks researchers came across a new variant of the botnet which is not used only for spamming, but also for stealing sensitive data from the infected devices.
The new version of Waledac was spotted on February 2 and experts have been analyzing it ever since. They conclude that it’s still sending spam, but it can also steal passwords and authentication data, including credentials for FTP, POP3, SMTP.
Besides this, Waledac also steals .dat files for FTP and BitCoin and uploads them to the botnet.
By relying on their WildFire systems, which enable a firewall to capture unknown files and analyze them in a malware sandbox, Palo Alto Networks were able to identify how the new variant behaves.
Read more
