Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Waledac.AX

 
Threat Level: Low threat | Damage: High | Distribution: Not widespread

Effects 

Waledac.AX carries out the following actions:

  • It sends spam messages related to pharmaceutical products. It uses any of the following subjects:
    Can your health problems be solved
    Give you lover new intimate feeling.
    Which one of enlarhing products really work?
    Healthy news mail.
    Imagine, how happy she will be if you take a blue pilule.
    Now you can get it up before anyone does!
    Your boner will be able to break the concrete walls.
    Let your intimate wishes come true.


    The following is an example of the spam it sends:

  • If users follow the link included in the message, they are redirected to a website that sells different pharmaceutical products:

  • It looks for email addresses on the affected computer in order to send them spam messages like this.
  • It sends this information, encrypted, together with other types of information, such as passwords, in a file with a random name to different IP addresses, so that its creator can access the gathered data.
  • It opens several ports in order to receive instructions from its creator, such as to send spam messages or to manage the gathered information.

Infection strategy 

Waledac.AX creates a copy of itself with a random name and an EXE extension in the directory where it has been run.

 

Waledac.AX creates the following entries in the Windows Registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    PromoReg =
     %path in which it has been run%\%copy of the worm%.exe
    By creating this entry, Waledac.AX ensures that it is run whenever Windows is started.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RList
    %random characters%
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\MyID
    %random characters%

Means of transmission 

Waledac.AX spreads via email in messages that offer a fake service that supposedly allows any user to read the SMS messages received on any mobile phone.

The message contains a link to a malicious website. If the user follows the link, a window opens prompting the user to download a file, which is a copy of the worm.

The filenames it uses are variable, but they are usually related to the fake software, such as TRIAL.EXE.

Using its own SMTP engine, it sends email messages like this to the email addresses it has gathered.

Further Details  

Waledac.AX is 420,864 bytes in size and is compressed with UPX.
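
A read-only PowerShell check for the artifacts this entry lists (the PromoReg autorun value, the RList and MyID entries, and the 420,864-byte UPX-packed file), added here as an example and not part of Panda's original entry. The helper name New-Finding, the two-form check for RList/MyID and the UPX0/UPX1 section-name test are assumptions.

```powershell
# Added example (not Panda's code): read-only check for the artifacts on this page.
# HKCU is per-user, so run it in the session of the account being examined.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$cvKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$pageSize = 420864   # file size in bytes stated on the page

function New-Finding($artifact, $detail) {   # hypothetical helper
    [pscustomobject]@{ Artifact = $artifact; Detail = $detail; SizeMatch = $null; UpxSections = $null }
}
$findings = @()

# 1. Autorun value "PromoReg" under the Run key, pointing at the worm's copy.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'PromoReg')) {
    $target  = [Environment]::ExpandEnvironmentVariables([string]$run.PromoReg).Trim('"')
    $finding = New-Finding "$runKey\PromoReg" $target
    if (Test-Path -LiteralPath $target -PathType Leaf) {
        try {
            $finding.SizeMatch = ((Get-Item -LiteralPath $target -Force).Length -eq $pageSize)
            # Assumption (general UPX behaviour, not from the page): packed PE files
            # keep section names UPX0/UPX1 in the headers at the start of the file.
            $stream = [System.IO.File]::OpenRead($target)
            try {
                $buf  = New-Object byte[] 1024
                $read = $stream.Read($buf, 0, $buf.Length)
            } finally { $stream.Dispose() }
            $head = [System.Text.Encoding]::ASCII.GetString($buf, 0, $read)
            $finding.UpxSections = ($head -match 'UPX[01]')
        } catch { $finding.Detail += " (unreadable: $($_.Exception.Message))" }
    }
    $findings += $finding
}

# 2. RList / MyID: the page does not say whether these are subkeys or values
#    of CurrentVersion, so both forms are checked (assumption).
$cv = Get-ItemProperty -Path $cvKey -ErrorAction SilentlyContinue
foreach ($name in 'RList', 'MyID') {
    if (Test-Path -LiteralPath (Join-Path $cvKey $name)) {
        $findings += New-Finding "$cvKey\$name" 'present as subkey'
    }
    if ($cv -and ($cv.PSObject.Properties.Name -contains $name)) {
        $findings += New-Finding "$cvKey\$name" 'present as value'
    }
}

if ($findings) { $findings | Format-List } else { 'No Waledac.AX registry artifacts found.' }
```

A size mismatch does not clear a file: the worm's copy has a random name, so any PromoReg hit is worth examining on its own.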
