500,000 stolen email passwords discovered in Waledac's cache

Researchers peek inside the Waledac botnet to find 489,528 stolen email passwords, next to another cache of 123,920 stolen FTP passwords. Time to change your passwords?

Closely monitoring the post-take down activities of the Waledac botnet, security researchers took a peek inside the botnet's cache of stolen accounting data, and found half a million stolen email passwords, next to hundreds of thousands of stolen FTP passwords.

More info:

"More specifically, they have 123,920 login credentials to FTP servers at their disposal. This number is significant, considering the Waledac controllers use an automated program to login to these servers and patch (or upload) specific files to redirect users to sites that serve malware or promote cheap pharmaceuticals.

We also discovered 489,528 credentials for POP3 email accounts. These credentials are known to be used for “high-quality” spam campaigns."

Abuse scenarios

  • Stolen email accounts can be used for email impersonation attacks abusing the trust chain between the owner and a countless number of services and contacts related to him. Once the trust chain has been abused, the malicious attackers can also easily embed the accounting data into their spam platforms, in an attempt to take advantage of the DomainKeys ecosystem and increase the probability of reaching the user's Inbox.
  • The stolen FTP accounts are usually embedded in efficiency-driven blackhat SEO (black hat search engine optimization) tools, and managed spam/exploits-serving services, allowing the malicious attackers to easily tailor their campaigns, be it pharmaceutical scams, pure blackhat SEO campaigns with real-time syndication of trending topics across the Web, and, of course, serving client-side exploits through legitimate web sites.

See also:

This is perhaps the perfect moment to change your passwords -- in a perfect world best practices are in place -- from a malware-free host.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All