Please create an account to participate in the Slashdot moderation system


Forgot your password?

Submission + - New Waledec Botnet Variant Sniffs Passwords (

wiredmikey writes: The Waledec botnet, which was taken down in 2010 by Microsoft, was responsible for more spam delivery than any other botnet in its class with a reach of about 1.5 billion emails a day. Earlier this month, researchers at Palo Alto Networks discovered a third variant of the botnet, and it was serving up more than just spam.

According to the researchers, this new version includes the ability to sniff user credentials for FTP, POP3, SMTP, and steal .dat files for FTP and BitCoin, all of which can be uploaded to the botnet, and of course be very valuable for enabling further attacks.

While Palo Alto Networks discovered a third variant, following Microsoft’s takedown of Waledec, Shadowserver’s Steven Adair discovered a second variant in early 2011. A month later, researchers from malware intelligence firm Last Line were able to examine the botnet code and discovered 123,920 FTP account credentials. In addition to the FTP access, they discovered nearly 500,000 credentials used for POP3 services.

Just last week Symantec noticed Waledac spreading spam in what appears to have been an attempt at political activism.

So while the original botnet has been taken down and remains under the control of Microsoft, thse new variant pose new risks to users and organizations.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New Waledec Botnet Variant Sniffs Passwords

Comments Filter:

Things are not as simple as they seems at first. - Edward Thorp