Researchers are increasingly noting the use of botnet infrastructure as the primary delivery means for badware, adware, spam and everything else, with zombie networks having become so ubiquitous in general that well-known iterations thereof are frequently being rolled out for use specifically over certain events or holidays.
No better example of this may exist than Waledac, which, while riding other popular threat advertising models from time to time, has seemingly had a holiday bent to it since first being noted widely in Christmas-themed attacks that started last December.
While researchers including those at Microsoft traced the origins of the Trojan botnet back a good few months earlier, those people controlling the threat campaign waited for the holidays to hit the gas pedal, mostly via phony e-card spam.
Less frequent use of bomb scares and politics aside, Waledac has since re-emerged on New Year’s, Valentine’s Day and, newly, for the U.S. Independence Day weekend. It skipped April 1st and Easter, but let’s face it, those are “B” holidays anyways, at least for most people, not to compare the two.
The botnet is not one of the world’s top spam or malware producers, despite its wide recognition, so it would seem that the botnet’s controllers truly like the holiday thing.
The July 4th appearance was noted by a number of researchers including those working at Purewire. Many of the most recent attacks revolve around phony YouTube lures promising videos of a fireworks display in a nod to the nation’s birthday, company researchers said in their blog post.
Experts have long held that the smartest botnet operators will continue to play their hands wisely as they dodge and weave and protect their armies for maximum impact during larger operations.
For now, Waledac would seem to have assumed the role of holiday favorite for its owners, or maybe that’s when they can charge the highest rates to their clients. Who knows.
See you again on Labor Day? Or maybe not until Halloween?
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.