
Valentine’s Day Waledac Theme

In their most predictable fashion, the distributors of Waledac are engineering a new Valentine’s Day scheme for their malware delivery. The ThreatFire community is preventing you.exe, meandyou.exe, and onlyyou.exe from being run on desktops. The web servers appear to be serving the same file from each site under the names above, which ThreatExpert identifies accurately.

The distributors are currently using a number of sites to serve up some of these files and the nice graphics above with a cute question “Guess, which one is for you?”. Old sites listed at Shadowserver and other sites are being re-used as well with the new Valentine’s Day theme. A screenshot of one of the sites is above.
Along with the visual pleasantries, we are also seeing the standard set of commodity exploits served up to unsuspecting visitors via a redirection to an obfuscated JavaScript file, “google-analysis.js”.
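
The file names in this post are enough to hunt for the campaign in web proxy logs, so here is an added example (not code from the original post or from ThreatFire) that flags clients requesting the lure executables or the redirect script and notes whether the content was actually delivered. The log layout, the lure.example host and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# File names taken from the post; everything else below is an assumption.
LURE_EXES = {"you.exe", "meandyou.exe", "onlyyou.exe"}
REDIRECT_JS = "google-analysis.js"

# Assumed proxy log layout: "<time> <client ip> <method> <url> <status>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")

# Constructed sample lines (hosts and timestamps are placeholders).
SAMPLE = [
    "2000-01-01T09:14:02Z 10.0.0.5 GET http://lure.example/ 200",
    "2000-01-01T09:14:03Z 10.0.0.5 GET http://lure.example/google-analysis.js 200",
    "2000-01-01T09:14:09Z 10.0.0.5 GET http://lure.example/MeAndYou.exe?id=7 200",
    "2000-01-01T09:20:41Z 10.0.0.9 GET http://lure.example/only%79ou.exe 403",
    "2000-01-01T09:21:00Z 10.0.0.7 GET http://intranet.example/thankyou.exe.html 200",
    "garbage line",
]

def classify(url):
    """Return 'exe', 'js' or None from the last path segment of the URL."""
    # Decode %-escapes and ignore case and query strings so trivial
    # variations of the file name still match; require an exact name so
    # unrelated files such as thankyou.exe.html do not.
    name = unquote(urlsplit(url).path).rsplit("/", 1)[-1].lower()
    if name in LURE_EXES:
        return "exe"
    if name == REDIRECT_JS:
        return "js"
    return None

def hunt(lines):
    """Map client -> {kind: delivered}, delivered=True if any 2xx reply."""
    hits = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        _ts, client, _method, url, status = m.groups()
        kind = classify(url)
        if kind:
            delivered = status.startswith("2")
            hits[client][kind] = hits[client].get(kind, False) or delivered
    return dict(hits)

if __name__ == "__main__":
    for client, kinds in sorted(hunt(SAMPLE).items()):
        print(client, kinds)
```

A client showing both "js" and "exe" as delivered is the first candidate for triage; a blocked request (delivered False) still marks a user who reached a lure page.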

DO NOT VISIT THESE SITES, DO NOT DOWNLOAD AND RUN THESE EXECUTABLES.

Compare to last year’s Valentine’s Day Storm theme that we described in a post, which they served up “With love!”:

And another of Storm’s themes that we posted about here.

This entry was posted in Online Fraud.
