Barack Obama exploited in malware spam attack

Many Americans will have woken up today with a headache – either from celebrating the victory of Barack Obama or drowning their sorrows at John McCain’s loss of the White House.

One thing is clear though – malware authors haven’t been slow reacting to the news, and President Elect Barrack Obama is already being used as a lure for infecting unsuspecting internet users.

Here is a typical piece of spam that is being seen in our spam traps around the world:


Were you to click on the link you would find yourself on a website pretending to be a news site offering information and a video of Barack Obama’s historic win. However, the site tries to fool you into installing what it claims is an update to Adobe Flash to view the video.


The file referenced is detected by Sophos as a piece of malware called Mal/Behav-027 or Mal/Heuri-E It’s likely that the cybercriminals behind this attack will rotate the malware being served up by this dangerous website – so we will continue to monitor its activity as well as block access to the infected webpage with our web protection solutions.

Further analysis of the file by my colleagues in SophosLabs last night has determined that the malicious Trojan horse incorporates the following characteristics:

  • The malware contains rootkit technology to conceal itself.
  • It’s designed to steal information from an infected computer.
  • It also has general “backdoor” functionality.
  • It spies on user’s keyboard and mouse inputs and can take screenshots.
  • It looks for passwords.
  • It submits the information it discovers to a webserver located in Kiev, Ukraine.

This isn’t the first instance we’ve seen, of course, of hackers showing an unhealthy interest in the race to the US presidency.

Earlier this year, we saw a hacker break into the personal email account of Sarah Palin (which Sophos somehow managed to link in a video to celebrity Paris Hilton), and hackers also tried to infect Windows users with a message that claimed Barack Obama had been surreptitiously filmed in a sex video with Ukranian girls.

My guess is that this is far from the last example we will see of Barack Obama’s name and image being abused by malware authors in their greed to infect internet users.