What is Waledec?:
Waledec, also spelled Waledac, is the name of a botnet used to relay malicious spam. Spam distributed by Waledec often consists of fraudulent greeting cards and breaking news events. The links contained in the body of the email point to malicious websites that silently deliver exploit code when visited. Typically, these include Adobe Reader, Adobe Flash, Internet Explorer and OWC10 (Office Web Components) exploits, but any vulnerable installed software can be targeted.
Many believe that Waledec is simply the modern version of the Storm worm, which was first discovered in August 2006 and named Storm in January 2007.
What is a botnet?:
A botnet is a collection of compromised (infected) computers under the collective control of remote attackers. The malware on the infected computer is known as a bot, a type of backdoor or remote access trojan (RAT). Bots communicate with botnet command and control (C&C) servers, enabling the remote attacker to update existing infections, push new malware, or instruct the infected computer to carry out specific tasks. In general, the presence of the bot gives the remote attacker the same abilities as the legitimate logged-in user.
What Does Waledec Do?:
Waledec is used to distribute scareware, a type of fraudulent software that tries to trick users into believing their systems are infected in an attempt to extract payment for a bogus removal tool. Waledec also tries to "recruit" new bots by sending malicious email that contains links to websites foisting the backdoor bots used to join infected systems to the Waledec botnet.
In addition to its malicious purposes, Waledec uses the infected systems as spam proxies, sending large volumes of unwanted email through those systems in order to avoid blacklisting and hide the true origin of the spam.
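On a network, the spam-proxy behaviour described above appears as ordinary workstations opening direct SMTP connections to many different mail servers. The following Python function is an added example, not part of the original page, that flags such hosts in flow records; the record format, the addresses, the approved relay list and the threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): "timestamp src_ip dst_ip dst_port".
# External addresses come from the reserved documentation ranges.
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.0.23 198.51.100.10 25
2024-01-01T10:00:02 10.0.0.23 198.51.100.11 25
2024-01-01T10:00:02 10.0.0.23 203.0.113.5 25
2024-01-01T10:00:03 10.0.0.23 203.0.113.6 25
2024-01-01T10:00:03 10.0.0.23 192.0.2.77 25
2024-01-01T10:00:04 10.0.0.23 192.0.2.78 25
2024-01-01T10:00:04 10.0.0.23 198.51.100.10 25
2024-01-01T10:00:05 10.0.0.40 10.0.0.5 25
2024-01-01T10:00:06 10.0.0.40 203.0.113.80 443
2024-01-01T10:00:07 10.0.0.5 198.51.100.10 25
2024-01-01T10:00:08 10.0.0.5 203.0.113.5 25
"""

# Assumption: the only host allowed to send mail directly to the internet.
APPROVED_MAIL_SERVERS = {"10.0.0.5"}


def find_spam_proxy_suspects(flow_text, mail_servers, min_destinations=5):
    """Map each non-mail-server source to its count of distinct SMTP peers,
    keeping only sources that reached at least min_destinations of them."""
    peers = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        _ts, src, dst, port = fields
        if port != "25":
            continue  # only server-to-server SMTP is of interest here
        if src in mail_servers or dst in mail_servers:
            continue  # approved relay traffic, in either direction
        peers[src].add(dst)
    return {s: len(d) for s, d in peers.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    hits = find_spam_proxy_suspects(SAMPLE_FLOWS, APPROVED_MAIL_SERVERS)
    for host, count in hits.items():
        print(f"{host} contacted {count} distinct mail servers on TCP/25")
```

Counting distinct destinations rather than connections keeps a client that retries one server from being flagged, while a host relaying spam to many recipient domains stands out quickly.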