Waledac has access to 500,000 POP3 email accounts and 124,000 FTP credentials

According to reports from Last Line security firm researchers have taken a closer insight into the inside of the renewed Waledac botnet and found that the Storm botnet successor contain passwords for almost 500,000 Pop3 email accounts, allowing spam to be sent through SMTP servers. Waledac masterminds hijack legitimate email servers and evade IP-based blacklisting techniques that many spam filters use to weed out junk messages.

Furthermore, Waledac controllers also possess almost 124,000 FTP credentials. Thereby they have a green light to run programs that automatically infect the websites with scripts that redirect users to sites that install malware and promote fake pharmaceuticals. Last month, the researchers identified almost 9,500 webpages from 222 sites that carried poisoned links injected by Waledac.

One month earlier security experts spotted a new malware-seeded spam which resembled the storm botnet but it was in its bloom in 2007 and 2008 and later it went silent.

“The Waledac botnet remains just a shadow of its former self for now, but that's likely to change given the number of compromised accounts that the Waledac crew possesses,” the Last Line researchers wrote.