The Waledac botnet made a massive comeback in the past week, having stopped spamming altogether on 4 January.
Various mega-botnets appeared to take a break from their spamming duties over the past month, leaving security researchers at a loss as to why, but this week a big resurgence was recorded.
Members of Waledac, also known as the Storm botnet, were sent a new variant and on 12 January the network began spamming again.
"Now it's back to sending pharmaceutical spam promoting the magic blue pill' which we have seen previous versions of Waledac do in the past," Websense explained in a blog.
"As in previous spam campaigns, the spammers are using redirections via compromised legitimate sites."
The updated botnet appears to have grown as well, according to Symantec, with 1400 bots seen between 11 and 12 January, with most discovered in the US and Europe.
The new version of Waledac has organised its bots in a peer-to-peer network containing "the characteristics of a fast-flux network," Symantec said.
"This kind of network is resistant to bots going online and offline, and it can reconfigure itself very quickly, rendering it a very dangerous botnet," the security giant's Andrea Lelli said in a blog.
Lelli hypothesised on reasons behind the botnet's downtime as well, having investigated some updated Waledac code.
"This new added code seems to be simply validating a parameter (the size of the send queue); perhaps the previous version of the bot had a bug that caused it to malfunction in case the size of the queue was not properly set," she added.
"Perhaps this bug caused the botnet downtime that we observed?"
Symantec also said it was a "suspicious coincidence" Waledac had started spamming again at the same time as the Rustock botnet, another serious spammer, resurrected its activities.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up stingNews Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year.
-
Horabot campaign targeted businesses for more than two years before finally being discoveredNews The newly-discovered Horabot botnet has attacked companies in the accounting, investment, and construction sectors in particular
-
Brand-new Emotet campaign socially engineers its way from detectionNews This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
-
Microsoft says “it’s just too difficult” to effectively disrupt ransomwareNews The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
-
Beating the bad bots: Six ways to identify and block spam trafficIn-depth Not all traffic is good. Learn how to prevent bad bots from overrunning your website
-
Ukraine's vigilante IT army now has a DDoS bot to automate attacks against RussiaNews The 270,000-strong IT Army of Ukraine will now combine supporters' cloud infrastructure to strengthen the daily attacks against their invaders
-
Microsoft's secure VBA macro rules already being bypassed by hackersNews Recent analysis of Emotet activity has revealed a shift away from malicious Office documents to drop malware
-
Emotet infrastructure has almost doubled since resurgence was confirmed
News Researchers confirm the infrastructure has also been upgraded for a "better secured", more resilient operation
