Symantec researchers have found an interesting connection between the notorious Waledac (Kelihos) and Virut botnets. Apparently, when the Virut malware infects a computer, it also downloads W32.Waledac.D.
It turns out that the Waledac botnet masters have recovered quite well from the disruptions caused by the security industry.
A large number of computers have already been infected with Waledac and each of the zombies is capable of sending out around 2,000 spam emails per hour.
Experts say that if a quarter of the 300,000 computers infected with Virut downloaded Waledac as well, around 3.6 billion spam emails could be sent out in one day, considering that the active period of a compromised device is 24 hours.
The spam emails generated by Waledac come with various subject lines, some of them being utilized to advertise shady pharmacies and performance-enhancing medication.
“The coexistence of Virut and Waledac on a single computer is further example of malware groups using affiliate programs to spread their threats, and that threats can be linked and coexist on an already compromised computer,” Symantec experts explained.