Up until recently, Waledac’s main purpose had been to peddle performance-enhancing pharmaceuticals by sending large runs of unsolicited mail to thousands of unwilling recipients. Today we noticed a shift in this trend. In addition to sending large volumes of spam, Waledac is now distributing misleading applications. In our testing we noticed that the misleading application that is installed this time around is MS AntiSpyware 2009. You can see the standard social engineering techniques used by this program in the following screenshot:
While somewhat surprising, it’s not entirely unexpected that this worm is now being used to distribute this kind of application. Waledac is still attempting to leverage Valentine’s Day to trick unsuspecting users into downloading and running the malicious binaries. The following screenshot shows the content currently displayed on Waledac websites:
The following subject lines appear in spam email sent by Waledac. Remember to only open or handle email that comes from known and trusted sources.
"Great variety of little helpers for your health"
"Canadian chemist – invest in your happy future"
"Improvement to your xxxlife is one click away"
"Live life to the fullest"
These domains have recently been associated with Waledac:
Symantec detects this threat as W32.Waledac. Be sure to keep your antivirus definitions up to date in order to protect your computer from the latest versions of this malicious code.