Connecting the Warezov domain dots

As disclosed recently, the Warezov operation is largely to blame for the massive increase in spam volume. Warezov-infected machines download additional components which, after a variable delay, start sending out spam. All of this spam (as far as we've seen) is pharmaceutical spam, advertising Viagra, Vialis, Valium and Xanax clones.

You can make the connection between the virus and the spam just by looking at the domain names the Warezov gang uses both for virus component downloads and for hosting the fake Viagra sites.

Warezov is spread by spamming slightly modified versions of the downloader component. The spammers modify the downloader as soon as the major antivirus products add detection for that particular version. We believe the Warezov gang is using services like Virustotal or Jotti to monitor the reactions of the antivirus industry.

I’ve seen spam emails in my own junk mail folder increase from 30 to about 100 a day now. :-X