We’ve seen Waled pretend to be Barack Obama’s website, we’ve seen it delivering fake Valentine’s Day ecards – now Waled is sending out spam pretending to offer you coupons.
You shouldn’t click anything on the real malware site – instead of coupons, you’ll find executable files with a variety of names, including coupon.exe, coupons.exe, print.exe and save.exe, and this malware is unlikely to save you any money.
Even though the executable files keep changing due to server-side polymorphism, we detect them proactively as Mal/WaledPk-A, and in fact the custom packer hasn’t changed all that much since the interesting case I mentioned recently. The webpage itself is also changing regularly (giving different filenames, among other things), and we’re now detecting it as Mal/WaledJs-A.
Don’t let your desire to get a good deal cloud your judgment – think before you click that link!