Beware of "Local Breaking News"

Over the past month, botherders have been using fake coupon websites to host Waledac malware. Today, these criminals have updated their theme to use "Reuters breaking news" with localized content to easily captivate unwary users. It uses IP geolocation services to achieve content localization which we have mentioned before in our previous blog. As usual, a link from the fake website point to a Waledac binary and to make it more legitimate looking, "Related Links" to Wikipedia and Google Search were added.

The malicious URL links are being spammed by Waledac. The subject lines vary but they may look like any of these:

So be wary of any of these "Bomb news" or other sensational news stories, the criminals might end up "bombing" your computer.