A quick search through our blogs for 4th of July malware campaigns over the past three years shows:
- 4th of July 2007, we experienced a large e-card campaign which we then detected as Troj/JSEcard-A and Mal/Dorf-C.
- 4th of July 2008, we experienced another large Dorf campaign, this time attempting to show the users a video of fireworks; we detected this as Troj/Dorf-BP and Mal/ObfJS-AY.
- 4th of July 2009, we experienced a Waled campaign attempting to show the users a YouTube video of fireworks; we detected this as Mal/WaledPak-G and Mal/WaledJS-A.
My predictions for 4th of July 2010, based on the experiences of the past three years – possibly another Waled campaign, this time focusing on something other than fireworks or e-cards. Maybe something more creative than fireworks? It’s getting a bit stale.
Also the campaign may not necessarily be another Waled, but given how long Dorf has been used and continues to be used, reusing Waled may not be unrealistic. The malware authors will just tweak the code and redeploy.