Waled targets coupon-clippers

We’ve seen Waled pretend to be Barack Obama’s website, we’ve seen it delivering fake Valentine’s Day ecards - now Waled is sending out spam pretending to offer you coupons.

You can click the image here to enlarge it, but you shouldn’t click anything on the real malware site - instead of coupons, you’ll find executable files with a variety of names including coupon.exe, coupons.exe, print.exe, save.exe, and this malware is unlikely to save you any money.

Even though the executable files keeps changing due to server-side polymorphism, we detect them proactively as Mal/WaledPk-A, and in fact the custom packer hasn’t changed all that much since the interesting case I mentioned recently. The webpage itself is also changing regularly (giving different filenames, among other things), and we’re now detecting it as Mal/WaledJs-A.

Don’t let your desire to get a good deal cloud your judgment - think before you click that link!

Posted on February 24th, 2009 by Richard Cohen, SophosLabs Canada
Filed under: Malware

Windows 7 security - A great leap forward or business as usual?

About SophosLabs

SophosLabs protects businesses from known and emerging malware - viruses, rootkits and spyware - and other computer threats like phishing, spam and scams. Learn more about the people who write this blog.

RSS feed

Hot video

International Kill-A-Zombie Day

SophosLabs blog