Waled targets coupon-clippers

We’ve seen Waled pretend to be Barack Obama’s website, we’ve seen it delivering fake Valentine’s Day ecards – now Waled is sending out spam pretending to offer you coupons.

Waled Couponizer

You can click the image here to enlarge it, but you shouldn’t click anything on the real malware site – instead of coupons, you’ll find executable files with a variety of names including coupon.exe, coupons.exe, print.exe, save.exe, and this malware is unlikely to save you any money.

Even though the executable files keeps changing due to server-side polymorphism, we detect them proactively as Mal/WaledPk-A, and in fact the custom packer hasn’t changed all that much since the interesting case I mentioned recently. The webpage itself is also changing regularly (giving different filenames, among other things), and we’re now detecting it as Mal/WaledJs-A.

Don’t let your desire to get a good deal cloud your judgment – think before you click that link!