Sophos: Malicious spam attack exploits Obama Win
November 2008 by Sophos
IT security and control firm Sophos is warning email users, excited about the US presidential election, to exercise caution when checking their inboxes. The warning comes after the discovery of a widespread malicious spam campaign that claims to offer news of Barack Obama’s successful campaign, but instead links to a website that attempts to infect users with a Trojan horse that steals information for identity fraud.
The emails, which have subject lines such as “Obama win preferred in world poll” and claim to come from firstname.lastname@example.org, have accounted for approximately 60 percent of all malicious spam seen by SophosLabs in the past 24 hours. The spam messages contain a link that takes internet users to a webpage which instructs visitors to download ‘Adobe Flash 9’ to view a video of the first African-American president making an “amazing speech”. However, the download will infect computers with a malicious Trojan horse detected by Sophos as Mal/Behav-027.
“Barack Obama is undoubtedly the most famous person on the planet right now”, said Graham Cluley, senior technology consultant at Sophos. “But email users who are eager to get the latest scoop on Obama’s monumental presidential win should be careful that they are not being tricked by conniving cybercriminals. Hackers will be quick to jump on breaking news to spread malware and steal sensitive information – web and email users should exercise extra caution and ensure that they are running security software that is fully patched and up-to-date.”
Sophos experts have determined that the malicious Trojan horse is based on rootkit technology which aids concealment on the victim’s computer. Designed to steal information, the malware spies on users’ keyboard and mouse inputs, can take screenshots, looks for passwords and submits the information it discovers to a webserver located in Kiev, Ukraine.