The president-elect's first malware campaign

Filed Under: Malware, Spam, Video

And so it begins.

The tickertape from Barack Obama's celebratory party has probably not even been swept up yet, but the hackers have wasted no time in launching a malware campaign.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Experts at Sophos have discovered a widespread spam attack, claiming to contain a link to news about the new president.

The emails, which have subject lines such as "Obama win preferred in world poll" and claim to come from news@president.com, have accounted for approximately 60% of all malicious spam seen by SophosLabs in the last hour.

The emails claim to be regarding Barack Obama. Click for a larger version.

Clicking on the link, however, takes internet users to a webpage which insists you download Adobe Flash 9 to view a video of the first African-American president making an "amazing speech". But it's not Flash version 9, and this website is not just bogus - it's downright dangerous.

The website tries to fool you into install a malicious Trojan horse in order to view a video. Click for a larger version.

If you install the fake version of Adobe Flash you will actually be infecting your computer with a malicious Trojan horse detected by Sophos as Mal/Behav-027. If infected by it, PC owners could find that their data has been compromised and potentially their identity stolen.

Sophos experts have determined that the malicious Trojan horse incorporates the following characteristics:

  • The malware contains rootkit technology to conceal itself.
  • It's designed to steal information from an infected computer.
  • It also has general "backdoor" functionality.
  • It spies on user's keyboard and mouse inputs and can take screenshots.
  • It looks for passwords.
  • It submits the information it discovers to a webserver located in Kiev, Ukraine.

Users of other anti-virus products are recommended to check whether updates are available to protect their computers.

Of course, this is far from the first example we have seen of hackers exploiting the US presidential race. In September I blogged about a hacker who broke into Sarah Palin's personal email account. In the same month, hackers targeted Windows users with an email claiming to contain a sex video of Barack Obama.

Barack Obama's first day as US President won't start until January, but the malware authors are using his image and name right now to steal money from the innocent.

,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.