Websense Security Alert
April 2009 by Websense
Websense® Security Labs ThreatSeeker Network has detected a new Waledac variant in the wild being distributed via email since yesterday.
The new campaign uses a theme whereby the user is enticed to download an application that will permit them to view other people’s SMS messages online. The download file uses alternating filenames, including sms.exe, freetrial.exe, and smstrap.exe. ThreatSeeker has identified thousands of spam emails using this theme.
Not all major antivirus vendors are currently detecting this threat, according to this VirusTotal report.
Websense Messaging and Websense Web Security customers are protected against this attack.
Quote from Carl Leonard, Threat Research Manager, Websense Security Labs: “They are playing on people’s nosey or suspicious nature, however the application doesn’t give the user the ability to spy on other people’s SMS messages. Instead it installs a number of executable files to incorporate the user’s machine into Waledac’s botnet. The irony is quite fitting, the user intended to spy on others but ends up being compromised themselves.”