According to the researchers, this new version includes the ability to sniff user credentials for FTP, POP3, SMTP, and steal
While Palo Alto Networks discovered a third variant, following Microsoft’s takedown of Waledac, Shadowserver’s Steven Adair discovered a second variant in early 2011. A month later, researchers from malware intelligence firm Lastline were able to examine the botnet code and discovered 123,920 FTP account credentials. In addition to the FTP access, they discovered nearly 500,000 credentials used for POP3 services.
Just last week Symantec noticed Waledac spreading spam in what appears to have been an attempt at political activism.
So while the original botnet has been taken down and remains under the control of Microsoft, these new variants pose new risks to users and organizations.