Gilou Tenebro's blog

Trojan.Bredolab is a threat that has been distributed widely and consistently this year. This research paper takes a closer look at the Trojan to discover how it works, why it’s so widespread, and the motivations behind it.

Over the past few weeks a series of blog entries were published about W32.Waledac:

Waledac – an Overview

Waledac, Part 2: Its Bootstraps and Armor

In a previous post I provided an overview of W32.Waledac’s functionalities, tactics, origin, and connections. This time, I will discuss more on the bootstrap mechanisms and armoring techniques used by Waledac in order to sustain and protect itself.

Installation

A few weeks ago, while most people were busy preparing for 4th of July celebrations and looking forward to a long weekend, W32.Waledac launched a new spam campaign. The links in the spam emails led to a website claiming to contain a fireworks video.

W32.Waledac has launched a new spam campaign using a 4th of July theme. Below are some screenshots of sample spam emails with the new theme.