The Waledac botnet made a massive comeback in the past week, having stopped spamming altogether on 4 January.
Various mega-botnets appeared to take a break from their spamming duties over the past month, leaving security researchers at a loss as to why, but this week a big resurgence was recorded.
Members of Waledac, also known as the Storm botnet, were sent a new variant and on 12 January the network began spamming again.
"Now it's back to sending pharmaceutical spam promoting the magic blue pill' which we have seen previous versions of Waledac do in the past," Websense explained in a blog.
"As in previous spam campaigns, the spammers are using redirections via compromised legitimate sites."
The updated botnet appears to have grown as well, according to Symantec, with 1400 bots seen between 11 and 12 January, with most discovered in the US and Europe.
The new version of Waledac has organised its bots in a peer-to-peer network containing "the characteristics of a fast-flux network," Symantec said.
"This kind of network is resistant to bots going online and offline, and it can reconfigure itself very quickly, rendering it a very dangerous botnet," the security giant's Andrea Lelli said in a blog.
Lelli hypothesised on reasons behind the botnet's downtime as well, having investigated some updated Waledac code.
"This new added code seems to be simply validating a parameter (the size of the send queue); perhaps the previous version of the bot had a bug that caused it to malfunction in case the size of the queue was not properly set," she added.
"Perhaps this bug caused the botnet downtime that we observed?"
Symantec also said it was a "suspicious coincidence" Waledac had started spamming again at the same time as the Rustock botnet, another serious spammer, resurrected its activities.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up stingNews Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year.
-
Horabot campaign targeted businesses for more than two years before finally being discoveredNews The newly-discovered Horabot botnet has attacked companies in the accounting, investment, and construction sectors in particular
-
Brand-new Emotet campaign socially engineers its way from detectionNews This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
-
Microsoft says “it’s just too difficult” to effectively disrupt ransomwareNews The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
-
Beating the bad bots: Six ways to identify and block spam trafficIn-depth Not all traffic is good. Learn how to prevent bad bots from overrunning your website
-
Ukraine's vigilante IT army now has a DDoS bot to automate attacks against RussiaNews The 270,000-strong IT Army of Ukraine will now combine supporters' cloud infrastructure to strengthen the daily attacks against their invaders
-
Microsoft's secure VBA macro rules already being bypassed by hackersNews Recent analysis of Emotet activity has revealed a shift away from malicious Office documents to drop malware
-
Emotet infrastructure has almost doubled since resurgence was confirmed
News Researchers confirm the infrastructure has also been upgraded for a "better secured", more resilient operation
