July 7, 2009 - "... After 4th July, we have noticed an increase in the number of emails in circulation, and this week will be even more active. We believe that, like other campaigns, this one will last at least 15 days. However, what many readers may be wondering is why Waledac was “asleep” so many months. The reality is that the Trojan wasn’t spreading at that point. However, the botnet that was built with Waledac, remained as active as ever; working mainly to achieve their most important goal: to send spam
. At ESET Latinamerica’s Laboratory, we made some tests to enable us to share information with users that shows the importance of staying uninfected: if my computer is infected with Waledac, how much spam does it send? We infected a computer in the laboratory with one of the Waledac trojans...
After that, we used a tool to monitor network traffic to see how many emails were sent by the botnet, since the system became infected . We made an initial measurement in 4 stages over a period of one hour (at different times of day), and the results were as follows:
• Stage 1: between 18:00 and 19:00 hs. 6968 emails were sent
• Stage 2: between 20:30 and 21:30 hs. 7148 emails were sent
• Stage 3: between 10:00 and 11:00 hs. 5610 emails were sent
• Stage 4: Between 13:00 and 14:00 hs. 6568 emails were sent
Taking the average of emails sent per hour (6548 emails), it is estimated that an infected computer can send about 150,000 emails a day
. To be even clearer, that represents nearly two emails per second... If we consider that the network is estimated to consist of at least 20,000 infected computers, it can be seen that the botnet has a theoretical spam-sending capacity of 3 billion emails daily
... many users will now understand why their computers work so slowly when their systems are infected..."