Sunday, February 17, 2008

Hillary Clinton used as a spam lure to download malicious software

On Thursday, Kelly Conley reported a predicted spam lure (seen in the wild) using the 2008 elections on the Symantec blog:

It’s election year in the United States, everyone must be aware of that by now. We've just observed a Trojan being spammed out utilizing a candidate's name, Hillary Clinton, as bait. The email asks you to click a link to download an interview with her.

"If anyone clicked on the link they were actually downloading "a suspect file, "mpg.exe," which is a Trojan downloader. This downloader downloads a file, inst241.exe, which is detected as Trojan.Srizbi," according to Kelly.

This Trojan normally ends up turning your system into a spam spewing zombie, or part of a botnet.

Shortly thereafter, McAfee reported seeing the same thing. One of the spam e-mails circulating stated that Hillary had been shot right before the Virginia primary.

Fear is a common social engineering technique to lure someone into clicking on to something that they shouldn't. Sadaam Hussein's hanging and Benazir Bhutto's assasination were the two most recent examples of a lure like this being used in spam e-mails.

Gregg Keizer at Computer World did an interesting article on this, where he interviewed Oliver Friedrichs, director of Symantec's security response team. Oliver noted that the spammers might be a little wary of attracting too much attention from law enforcement with this type of activity. He did, however, note that it is still early in the game and attacks using the hurricane disasters a few years ago sparked a lot of activity.

Brian Krebs at Security Fix (Washington Post) also did a nice write-up on this story, where he interviewed Zulfikar Ramzam (Symantec), who gave a lot of insight into the technical aspects of this particular attack. Also noted in the Security Fix article was that the Trojan.Srizbi was used to spread malware using Ron Paul as the lure in October.

In the Computer World article, Oliver Friedrichs speculated:

A lot of money will be at stake. The campaign of Sen. Barack Obama (D-Ill.) raised $28 million online in January alone, according to news reports. That's a substantial amount of money. And clearly any sense of conscience or caution [on the part of hackers] might just go out the window.
Brian Krebbs ended his post with a thought in the same vein:

Coincidence? You decide. But at least the bad guys aren't singling out one particular political party over another. So far, we haven't seen malware attacks apparently designed to disrupt a U.S. election, but the potential for such activity certainly exists (political phishing, anyone?), particularly if candidates aren't taking precautions to ensure that their online fundraising systems can't easily be abused by credit card thieves.
Besides money, another thought to consider might be someone trying to do this to disrupt the election in general, or attack a particular candidate? Politics and or religious beliefs can cause the wrong person to do some pretty nasty things despite a strong possibility of getting caught (my humble opinion).

After all, both of these attacks seem to have originated outside the borders of the United States and it isn't unknown for foreign hackers to attack government systems.

Attacking a political campaign isn't too far a stretch from that type of activity.

No comments: