Additional Details
Trojan:W32/Waledac.gen is a generic detection for the Waledac trojan.
Waledac is a spammed trojan that is capable of harvesting and forwarding password information.
Social engineering tricks are used to tempt the victim. Fake Barack Obama websites have been used as bait during the US elections. Obama spam was also used during the US Presidential Inauguration. Waledac spam frequently uses holidays and news headlines.
Waledac is capable of receiving commands from a remote server. Commands include instructions on functions to perform (for example, update malware components or send information from the infected computer).
Samples analyzed in the lab downloaded rogue antispyware applications.
Detections
Examples of generic detection names include:
• Trojan:W32/Waledac.gen!A
• Trojan:W32/Waledac.gen!B
• Packed:W32/Waledac.gen!A
• Packed:W32/Waledac.gen!B
Waledac variants use lists of hardcoded IP addresses to determine where they send harvested data. More recent variants can also update their lists from the remote command server.
Packers
The packers used by Waledac differ depending on the variant. Cryptor is being used as of January 2009.
Example
For a representative example, please see: