Super Tuesday malware attack targets US voters


A customer submitted an interesting file to SophosLabs yesterday, and asked us to take a look at it.

Its name was

Super_Tuesday_2012_voting_information.exe

"Super Tuesday", as American readers are probably all too aware, is the day when the largest number of American states vote to choose which candidate will run for the job of president in 2012. Barack Obama isn't facing any opponents in the Democrat party, so all the voting is for Republicans this year.

We don't know whether the customer who forwarded us the suspect file was specifically targeted, or whether they were caught in a more widely spammed-out campaign, but if they had made the mistake of opening the file they would have put their Windows computers at risk.

The Trojan horse communicates with a Russian website and has the ability to download further malware. In addition, it installs a file called spoolsvr.exe on infected computers and creates a PDF file called

Super_Tuesday_2012_voting_information.pdf


Presumably this PDF is designed to act as a decoy, as it does not appear to contain a malicious payload itself.
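The two file-system behaviours described above (a decoy PDF that shares the executable's name, and a dropped spoolsvr.exe, whose name is one character away from the legitimate Windows print spooler spoolsv.exe) can be turned into simple triage rules. The Python below is an added example, not SophosLabs code; the event format, the directory paths and the short list of system binary names are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: a short allowlist of real Windows binary names; extend for real use.
SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe", "explorer.exe"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".rtf"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """Return the system binary that `name` nearly matches (distance 1-2), else None."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None  # exact match is the real name, not an imitation
    for real in sorted(SYSTEM_BINARIES):
        if edit_distance(name, real) <= 2:
            return real
    return None

def triage(events):
    """events: (process_image_path, created_file_path) pairs from file-creation telemetry."""
    findings = []
    for image, created in events:
        proc, new = PureWindowsPath(image), PureWindowsPath(created)
        same_stem = proc.stem.lower() == new.stem.lower()
        if proc.suffix.lower() == ".exe" and new.suffix.lower() in DOCUMENT_EXTS and same_stem:
            findings.append(("decoy-document", proc.name, new.name))
        real = lookalike_of(new.name)
        if real:
            findings.append(("lookalike-binary", new.name, real))
    return findings

# Constructed sample events: file names come from the article, directories are invented.
DROPPER = r"C:\Users\a\Downloads\Super_Tuesday_2012_voting_information.exe"
SAMPLE_EVENTS = [
    (DROPPER, r"C:\Temp\Super_Tuesday_2012_voting_information.pdf"),
    (DROPPER, r"C:\Users\a\AppData\spoolsvr.exe"),
    (r"C:\Windows\System32\services.exe", r"C:\Windows\System32\spoolsv.exe"),
    (r"C:\Program Files\Reader\reader.exe", r"C:\Users\a\Documents\report.pdf"),
]
if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

The last two sample events are benign and produce no findings: the real spoolsv.exe is an exact match, and report.pdf does not share a name with the program that wrote it.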

SophosLabs has imaginatively named the malware Troj/ST2012V-A (No prizes for guessing how they came up with that name).

Of course, this wouldn't be the first time we have seen malware authors exploit a US presidential race. For instance, four years ago we saw an alleged sex video of Barack Obama doing the rounds, and another malware attack which struck within hours of Obama's election.

Remember to keep your computers patched, and your anti-virus updated. And never forget to keep your wits about you - if you receive a suspicious-looking file out of the blue, don't fool yourself into believing you can click before you think.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.