Waledac is Back!

The Waledac botnet has been activated and it is now sending spam promoting videos of Independence Day, even if we are only July 3rd. They are using multiple web pages with titles like “Fourth of July Fireworks Shows”. Users wishing to view the video are asked to click an image that returns an executable and to then click “Run”. This of course won’t display any video but will infect the victim with the latest variant of Waledac. ESET detects this latest variant as Win32/Waledac.JT.


Waledac Fake Video

Thanks to Joan Calvet for his help on this research.


Pierre-Marc Bureau

Senior Researcher

Author Pierre-Marc Bureau, ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.