Tuesday, May 12, 2009

Botnets Busy with the Western Union Theme

Yes, it's true, and here they come again. Last August is when we really started seeing this trend, in which botnets (mostly Pushdo) began sending malware dressed up as fake Western Union receipts. Now we're seeing them apparently coming from the Waledac botnet, and a lot of them. The ploy has morphed from Western Union emails to fake airline ticket purchases to false credit card purchases, and the language has changed too, from English to German to French and back to English. The one thing that hasn't changed is the malware authors' desire to continue expanding their botnets. It did appear for one hot second that Waledac was focusing more on their spam business, as we didn't see many propagation efforts from them, but perhaps they were just making a few extra bucks while these new campaigns were in the works. They are certainly back for now, and we're seeing at least two new zero-day variants a day. Don't worry though, we're on it.

Here's a picture of an email using this theme from back in August, and below that is one that I blocked about an hour ago. If this is any indication of cyclical themes, we should see the "Airmail Express" themes next.
