Top Security News Campaigns Hacked, Obama Spam Commences In case it's possible you're not sick of political news yet, here's the tidbit to set you over: Both Obama's and McCain's computer systems were hacked during the presidential campaign by foreign agents. Clickjacking Is Scary, Real, And Kinda Hypothetical The new boogieman of the security world is the practice of "clickjacking," or slipping an invisible link over a legitimate link to trick surfers into clicking it. Prevalence: unknown. Alert level: high, because only Firefox... Microsoft Blames Apps For Security Vulnerabilities Microsoft, typically the darling of security vulnerability coverage, says targeting the operating system is old school. These days, the bad guys are targeting third-party applications. The company's biannual Security Intelligence Report claims over 90 percent of... ICANN Scrubs Net Of Malware Haven Too little too late for EstDomains, and if you're too late to do anything before ICANN gets you then you're pretty darn slow. The quasi-private overseer of the Internet sent a shattering blow to the registrar via contractual... Spammers Break CAPTCHAs, Exploit Social Networks Spammers have evolved to perpetrate some pretty complicated schemes to get their wares (and warez) to large audiences. Recently they've shown sophistication beyond simple mailings by breaking CAPTCHA... Thursday:11.06.08 As the United States celebrates, or for about 46% of the population-mourns, the election of Barack Obama and the world continues its keen interest in this particular race, malware developers are in full attack mode trying to capitalize on a patriotic meme. They've been busy since at least last summer, but the increase in spam and trickery has been marked in the past couple of days. Attackers appear even to be buying AdWords ads to lure victims. Suffice to say computer users and IT pros should be wary and on guard against unsolicited or unknown sources of email, links, even ads, pertaining to Barack Obama, John McCain, or other personalities now exiting the campaign trail. The rapid influx has inspired several security company blog posts warning against specific threats as a result of the US elections. Most focus on Obama, but one has emerged targeting McCain, a shocking announcement that McCain had a fatal heart attack the day after the election. Improve your competitive advantage with the white papers in this eKit: Download Now Actually, the spam says "McCane died of heart stroke," which should be any discerning recipient's clue that it's not on the up and up. The email links to a supposed Canadian pharmacy with a special discount on Viagra. Other subject lines have included promises of private videos of Cindy "McCane," and "McCane caught nude in public." Other subject lines tease that both candidates-or people with similar but spelled differently names-were both killed. Wednesday, Sophos reported that 60 percent of malicious spam intercepted carried Obama-related subject lines and claim to have originated at news@president.com. Clicking on the link in those emails led to a download purporting to be an Adobe Flash file, but was actually Trojan horse Mal/Behav-027. Another Trojan, called Mal/Heuri-E, has also been discovered. Sophos' analysis revealed: • The malware contains rootkit technology to conceal itself. • It's designed to steal information from an infected computer. • It also has general backdoor functionality. • It spies on user's keyboard and mouse inputs and can take screenshots. • It looks for passwords. • It submits the information it discovers to a webserver located in Kiev, Ukraine. Others include an American flag icon, or promises that the file to be downloaded is "100% checked by Antivirus." Some are labeled, tellingly, BarackObama.exe, and carry the PWS-Banker Trojan. The AdWords link leads to a PDF file executing an exploit in Acrobat Reader. About the Author: Jason is a graduate of the University of Kentucky. He covers business, technology, and security issues. SecurityProNews is brought to you by: SecurityConfig.com NetworkingFiles.com ITmanagementNews.com NetworkNewz.com DatabaseProNews.com SQLProNews.com ITcertificationNews.com SysAdminNews.com LinuxProNews.com WirelessProNews.com About SecurityProNews SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security. Advertising Newsletters Corporate Info Site Map Support © 2008 SecurityProNews. An email newsletter. , Inc. 2549 Richmond Rd. Lexington KY, 40509 All Rights Reserved. Terms under which this service is provided to you. Read our privacy policy. Contact us. SecurityProNews is part of the iEntry Inc. Network of sites and newsletters.