
Beware Of Presidential Malware



SecurityProNews
Staff Writer
2008-11-06



As the United States celebrates (or, for about 46% of the population, mourns) the election of Barack Obama, and the world continues its keen interest in this particular race, malware developers are in full attack mode, trying to capitalize on a patriotic meme.


They've been busy since at least last summer, but the increase in spam and trickery has been marked in the past couple of days. Attackers even appear to be buying AdWords ads to lure victims. Suffice it to say, computer users and IT pros should be on guard against email, links, and even ads from unsolicited or unknown sources that pertain to Barack Obama, John McCain, or other personalities now exiting the campaign trail.

The rapid influx has inspired several security company blog posts warning against specific threats arising from the US elections. Most focus on Obama, but one has emerged targeting McCain: a shocking announcement that McCain had a fatal heart attack the day after the election.

Actually, the spam says "McCane died of heart stroke," which should be any discerning recipient's clue that it's not on the up and up. The email links to a supposed Canadian pharmacy with a special discount on Viagra. Other subject lines have included promises of private videos of Cindy "McCane," and "McCane caught nude in public."

Other subject lines tease that both candidates (or people with similar but differently spelled names) were killed.

Wednesday, Sophos reported that 60 percent of malicious spam intercepted carried Obama-related subject lines and claimed to have originated at news@president.com. Clicking on the link in those emails led to a download that purported to be an Adobe Flash file but was actually the Trojan horse Mal/Behav-027. Another Trojan, called Mal/Heuri-E, has also been discovered. Sophos' analysis revealed:

· The malware contains rootkit technology to conceal itself.
· It's designed to steal information from an infected computer.
· It also has general backdoor functionality.
· It spies on the user's keyboard and mouse inputs and can take screenshots.
· It looks for passwords.
· It submits the information it discovers to a webserver located in Kiev, Ukraine.

Others include an American flag icon, or promises that the file to be downloaded is "100% checked by Antivirus." Some are labeled, tellingly, BarackObama.exe, and carry the PWS-Banker Trojan. The AdWords link leads to a PDF file executing an exploit in Acrobat Reader.



About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
