The once-mighty Waledac botnet, which lay dormant for most of 2010, has suddenly made a strong resurgence into the spam-spewing scene, and it’s likely that your inbox will soon feel its presence.
In a Feb. 1 blog post, researchers from the online security company The Last Line of Defense said they had analyzed the botnet — a network of linked PCs that send massive amounts of spam — and found that Waledac is storing nearly 500,000 logins and passwords for e-mail accounts. (The security company specializes in analyzing malware and spam.)
The credentials can be used by Waledac’s operators to trick servers into authenticating the botnet and allowing it to bypass security protocols and carry out junk-mail campaigns.
Researchers also found about 124,000 logins and passwords for file-transfer protocol (FTP) servers, which facilitate large-scale file sharing. This puts those who host FTP servers (and many large organizations do) in serious danger of cyberattack.
Waledac’s resurgence came as a surprise to analysts. In early 2010, Microsoft, along with researchers from the University of Mannheim in Germany and the University of Vienna, helped take down the notorious network, which had between 70,000 and 90,000 computers in its zombie army and was capable of sending more than a billion spam e-mails per day.
The botnet remained out of commission until the end of December 2010, when it began clogging inboxes with holiday e-cards.
Cybersecurity and spam experts believe that even when high-profile botnets are taken down, they don’t stay inactive for long. Others such as the prominent “Rustock,” “Grum” and “Cutwail” botnets are also likely to pick up a fallen colleague’s slack.
In this case, the title of the researchers’ blog post, “Calm Before the Storm? Insights into Waledac 2.0,” portends ominous spam skies ahead.