Computer Crime Research Center


Obama, McCain Used in Malicious Spam Attacks

Date: November 07, 2008

Security research firm Sophos on Wednesday discovered attackers have launched their own presidential campaign. Attempting to exploit President-elect Barack Obama's historic victory, the spam attack sends e-mails with the subject line "Obama win preferred in world poll" and a return address of [email protected]

Clicking a link in the e-mail takes victims to a Web page that insists on downloading Adobe Flash 9 to view a video of the first African-American president's "amazing speech." The scam is this: It's not really Flash. It's dangerous malware.

Victims who download get a Trojan horse that Sophos has labeled Mal/Bahav-027. PC users infected with this malware could find their data compromised or have their identity stolen.

Anatomy of Obama Malware

Sophos has identified some key characteristics of the Trojan. The malware contains rootkit technology that allows it to remain hidden. It's designed to steal information from an infected computer. And it has a general backdoor functionality.

If that doesn't sound bad enough, this malware also has the ability to record keyboard and mouse inputs and can take screenshots. It looks for passwords, and it submits the information to a Web server in Kiev, Ukraine.

This isn't the first time attackers have tried to exploit Internet users during the presidential race. In September, hackers targeted Windows users with an e-mail claiming to contain a sex video of Obama.

Stop Clicking Links

It's not surprising that cybercriminals take advantage of the world's biggest news stories as an obvious trigger for people to open e-mails or click links, according to Graham Cluley, a senior technology consultant at Sophos.

"In many ways, this campaign is identical to past attacks which have pretended to link to sexy videos of Britney Spears, Paris Hilton or Angelina Jolie," he said. "It's just that this time they chose the next leader of the USA -- who is probably the biggest celebrity on the planet right now -- rather than a female starlet."

McCain Dies of Heart Attack?

On Thursday, Sophos reported yet another presidential campaign-related attack. New spam campaigns are promoting an online Canadian pharmacy using sensational subject lines about both Sen. John McCain and Obama.

Those subject lines claim to have news about McCain's wife in a private video, McCain dying of a heart attack, and Obama and McCain being killed.

The spammers are trying to get Internet users to open their e-mail so they can advertise Viagra. But the spammers didn't even spell the names of the campaign rivals correctly -- perhaps, Cluley said, to evade spam filters.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo