The Waledac botnet has been activated and it is now sending spam promoting videos of Independence Day, even if we are only July 3rd. They are using multiple web pages with titles like “Fourth of July Fireworks Shows”. Users wishing to view the video are asked to click an image that returns an executable and to then click “Run”. This of course won’t display any video but will infect the victim with the latest variant of Waledac. ESET detects this latest variant as Win32/Waledac.JT.
Thanks to Joan Calvet for his help on this research.
Author Pierre-Marc Bureau, ESET