Waledac bot pitches nearby terrorist bombing to dupe users

Pitch customized for recipient's location for 'more compelling' trickery, says researcher

Hackers trying to trick users into downloading the Waledac Trojan are customizing their bait to the recipient's location, a security researcher said Tuesday, upping the social engineering ante yet again.

The latest round of spam messages from Waledac's makers trumpets news of a supposed bomb blast, said Paul Royal, principal researcher for Web security company Purewire Inc. The link included in the spam -- which comes armed with subject headings such as "Bomb was blasted in your town" and "At least 18 killed in your city" -- leads to a fake Reuters news service site, and a story that claims local fatalities from a bombing attack.

"Authorities suggested that the explosion was caused by a 'dirty' bomb," one version of the bogus site read. The site then uses the now-standard ruse of asking the user to download and install an update to Adobe System Inc.'s Flash Player to view video. The file is, of course, nothing of the sort, but is actually the Waledac Trojan horse.

"Within the last 24 to 48 hours, Waledac has switched to a fake Reuters news story," said Royal. In itself, that's nothing new: Attackers have leveraged current events to get users to download malware for years. "What's somewhat novel here is that the Waledac operators have added the notion of locality," he said.

"Either at the malware distribution point, or somewhere upstream from the user, they look at the IP address, use that to get your location, and then feed that into the news story so it says that the bomb blast was near a market in your city."

When Royal used an IP address in Chile, for example, he was served up with a link to a story that claimed the bombing had taken place in Santiago, that country's largest city and capital. "The content becomes more compelling," Royal said, when it poses as local news.

Waledac has become famous for using the cutting-edge social engineering tactics, one of the reasons why security researchers almost unanimously believe that its makers are from the group that operated the infamous Storm botnet last year.

"Storm's operators always chose to exploit things that were temporally relevant," said Royal. "And Waledac shows the same unique insight into using social engineering and what's current in the news."

Although Waledac has been active for several months, Royal noted that it has yet to build up a botnet that can rival Storm at its peak. "It's nowhere near as big," he said, noting that Purewire had pegged Storm as controlling as many as 400,000 PCs in late 2007. "It's harder to get an accurate number for Waledac," he admitted, "but our best guess is that it's in the 25,000 to 50,000 range."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags terrorism

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Show Comments



Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?