Waledac family activity has increased in recent months. The malware creators have been using several social engineering techniques to spread these samples: important dates such as Christmas and Valentine’s Day, important events such as the appointment of Barack Obama as president of the United States, and fake news.


Currently, the technique is to offer a service that allows someone to read the SMS messages received on a certain phone number. Obviously, it is a completely fake service, and it could even be described as illegal and immoral. Once a user accesses the website, then downloads and runs the software, the computer is infected and immediately starts hosting the infection website and executable on the victim's computer.


Snapshot of the Waledac network:

[Image: Waledac.AU Snapshot]

The main function of the Waledac family, besides its own propagation, is to send spam messages to the email accounts obtained from the infected computer. Additionally, it can carry out other malicious actions, such as downloading malware, opening ports in order to receive instructions (acting as a botnet) and stealing passwords which are then sent to remote URLs.


The following graph represents the evolution of the files detected as Waledac received in our inboxes during the last three months:


Taking into account the data for the first two weeks of April, there has been an increase of almost 200% compared with February's figures.


What will be the next subject used by the malware creators to spread this worm? We’ll know soon…