Monday, January 19, 2009

Fake Obama Site is a Malware Booby-Trap

Over the weekend, I got an e-mail from my Mom warning me not to open any e-mail with the title "Obama Acceptance Speech" because it contained a trojan. It even cited Snopes as stating that the threat wasn't a hoax. I sent her a reply referencing the last post on spam I did, which had a paragraph about Obama spam on it. My point was that anyone who thinks there is only one e-mail of this type out there is probably sadly mistaken.

On Sunday, with the inauguration less than 24 hours away, I got a hot tip that the Symantec Lab had detected another round of Obama spam with malicious intent being sent across the electronic universe. Zulfikar Ramzan announced on the Symantec Security Blog that this latest round of Obama spam uses lures with titles like "Our new president has gone," "Obama refused to be the president of the United States of America," and "There is no president in the USA anymore and Obama has gone."

Zulfikar also mentioned a link in these e-mails (removed for safety reasons) leading to a faux website that looks amazingly similar to the official Obama-Biden site. The fake site can be seen below:



This fake site attempts to exploit weaknesses in a Web browser to install malicious software without the owner's knowledge. According to Zulfikar, the page and its links all have malicious software on them. In other words, the entire site is literally a virtual booby trap.

The files are titled usa.exe, obamanew.exe, pdf.exe, statement.exe, barackblog.exe and barackspeech.exe. While the titles might be different, they all lead to the same variety of malware, known as W32.Waledac. This malicious software is capable of stealing sensitive information, turning your machine into a spam-spewing zombie and leaving a back door for a hacker to gain access to it.

Political themes have been used a lot in recent times to lure people into clicking on links in spam e-mails that they shouldn't click. Other common lures include the old-fashioned too-good-to-be-true, security and badge-of-authority types (IRS, FBI, CIA, etc.).

With tax season upon us, expect the IRS to be a common one used in the near future. Symantec does provide removal instructions for this malware on their site, but most of us are far better off not clicking on this type of stuff in the first place. These e-mails are sent out by the millions, and the best thing to do is hit delete before opening them up.

1 comment:

Unknown said...

This ticks me off, because my blog has absolutely no malware (and I loathe the script kiddies and punks who push malware) except everyone is paranoid that Fake Barack Obama blogs contain malware.

I assure you, I'm 100% malware free.

http://fake-barack.blogspot.com