YOU’RE NOT VIEWING PANDA SECURITY USA. CLICK TO IMPROVE YOUR EXPERIENCE
VISIT PANDA SECURITY USA

Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

x
48-HOUR OFFER
50%
RENEWALS
Home users only
RENEW AT A DISCOUNT
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
UP TO
-60%
BUY NOW
x
UP TO
-60%
BUY NOW
Active Scan. Scan your PC free

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Waledac.AX

Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

Waledac.AX carries out the following actions:

  • It sends spam messages related to pharmaceutical products. It uses any of the following subjects:
    Can your health problems be solved
    Give you lover new intimate feeling.
    Which one of enlarhing products really work?
    Healthy news mail.
    Imagine, how happy she will be if you take a blue pilule.
    Now you can get it up before anyone does!
    Your boner will be able to break the concrete walls.
    Let your intimate wishes come true.


    The following is an example of the spam it sends:

  • If users follow the link included in the message, they are redirected to a website that sells different pharmaceutical products:

  • It looks for email addresses in the affected computer in order to send them spam messages like this.
  • It sends this information, encrypted, together with other type of information, such as passwords, in a file with a random name to different IP addresses, so that its creator can access the gathered data.
  • It opens several ports in order to receive instructions from its creator, such as to send spam messages or to manage the gathered information.

Infection strategy 

Waledac.AX creates a copy of itself with a random name and an EXE extension in the directory where it has been run.

 

Waledac.AX creates the following entries in the Windows Registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    PromoReg =
     %path in which it has been run%\%copy of the worm%.exe
    By creating this entry, Waledac.AX ensures that it is run whenever Windows is started.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RList
    %random characters%
  • HKEY_CURRENT_USER \Software\Microsoft\Windows\CurrentVersion\MyID
    %random characters%

Means of transmission 

Waledac.AX spreads via email in messages that offer a fake service that allows any user to read the SMS received in any mobile phone:

The message contains a link to a malicious website. If the user follows the link, a window will be opened so that the user downloads a file, which belongs to a copy of the worm:

The filenames it uses are variable, but they are usually related to the fake software, such as TRIAL.EXE.

It sends email messages like this to the email addresses it has gathered using its own SMTP engine.

Further Details  

Waledac.AX is 420,864 bytes in size and is compressed with UPX.

ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS?
FREE SUPPORT INCLUDED. CALL US 24/7

powered by Anytech365