Yagami Website

The Waledac worm is gearing up for a spam campaign related to the July 4 holiday, a security researcher has warned.

Researchers analyzing the code of the worm, which has been deploying updates to previously compromised PCs, have discovered that at least 18 domain names have been registered related to fireworks and Independence Day that will be used to trick people into visiting a malicious Web site, said Pierre-Marc Bureau, a senior researcher at antivirus vendor ESET.

Starting any time now and lasting through the weekend, the spam e-mail messages will arrive in inboxes with a message urging the recipient to watch a July 4 video. The e-mail messages are expected to include a link to a site with an executable that, instead of playing a video when double-clicked, will download malware that turns the visiting PC into another bot on the botnet, Bureau said.

The operators of Waledac are using holidays and other current events to lure new victims in order expand their botnet, and it's likely they are leasing out the botnet services to others, he said. Earlier this year, Waledac exploited Valentine's Day, spamming people with fake romantic greetings.

It is estimated that there are tens of thousands of computers infected with Waledac and that more than 20,000 will be used in the July 4 spam campaign, according to Bureau.

This article was first published as a blog post on CNET News.