500,000 Stolen Email Passwords Uncovered in Waledac Botnet Cache

After the successful takedown and subtle return of the Waledac Botnet, a popular peer-to-peer group of compromised computers instructed to download and install malware, researchers have uncovered half a million stolen email passwords within the botnet's cache (data storage for future instructions/requests).

We reported earlier this year that a new version of Waledac was uncovered in massive spam campaigns, which led us to believe that the infamous botnet was back in action. The Waledac botnet was part of a vicious spam campaign that delivered malicious e-card messages.

Waledac is a computer worm that has infected large numbers of computers, which are then instructed to carry out malicious actions over the Internet. The group of compromised computers is referred to as the Waledac Botnet, and it is under the control of meticulous hackers with the intent to extort computer users through abusive campaigns.

Recently posted on the tllod.com (The Last Line Of Defense) blog was evidence that they discovered roughly 489,528 login credentials for POP3 email accounts. The researchers at TLLOD were able to get an in-depth look at Waledac and its botmasters, or individuals who used automated programs to log in to Waledac controlling servers. They observed 222 compromised websites, such as hxxp://access-destination.com/fydb76lp.html (do not visit), which download malicious code that could initiate the installation of malware. Many of these websites were ones that promoted discounted pharmaceuticals.

The stolen email credentials, including login passwords, were used in the spam campaign earlier this year exploiting users through fake e-card messages. Researchers found out that the techniques used in the spam campaign abused legitimate mail servers by authenticating as the victim, which can easily be done if you have the email login and password. Not so surprisingly, the Waledac group had also obtained approximately 123,920 login credentials to FTP servers for them to use at will. Stolen FTP accounts would allow attackers to customize their campaigns with real-time syndication of trending topics over the Internet. Think about it: the Waledac group has almost 500,000 victims at their disposal and one of them could be you.

With such a vast number of email login credentials compromised by one group, it may be a good time to change your email password. It may also be in your best interest to be mindful that new spam campaigns are launched all the time, especially leading up to a popular news event or holiday such as Valentine's Day. If Waledac can harbor half a million email login credentials, then other well-known and newly created botnets could do the same.