Malware Authors Jumping on the Obama Bandwagon


No surprise here, the malware authors are leveraging on the social engineering aspect of the US presidential elections.

In less than half a day Google Adwords adverts and custom malware was popping up conning users into a sense of security by using Obama’s name.

Malware purveyors have wasted no time capitalizing on Barack Obama’s landslide victory in the US presidential race. Within 12 hours of his acceptance speech Tuesday night, net users were being treated to scams involving Google AdWords and prodigious volumes of spam.

The spam comes masked as dispatches from legitimate news sources, including the BBC and CNN, and invite readers to click a link to view a video of Obama accepting his country’s vote. Those who take the bait are sent to a spoof page of the news site that claims they need to update their Adobe Flash Player before viewing the speech.

It seems to be a generic trojan/rootkit aiming for banking details, it’s just a new vector for installation.

I guess a lot of people will fall for it though with the election fever hitting all around the World, not just in USA. Everyone is going Obama crazy!

In fact, Adobe_flash9.exe installs the notorious Trojan-PSW:W32/Papras.CL, according to anti-virus provider F-Secure. Earlier Wednesday, just 14 of the 36 major anti-virus programs detected the trojan, according to this analysis from VirusTotal. Once installed, the malware, which cloaks itself in a rootkit, logs passwords for bank sites and other sensitive information and sends them to a server located in Ukraine.

The fraudulent news sites are being hosted on a fast-flux network of infected machines, according to this analysis by the CyberCrime & Doing Time blog. Cloudmark, a company that provides spam filtering service, has already seen more than 10 million of the spam messages, according to the Zero Day blog.

Anyway just let the non-tech savvy amongst the people you know that this is going on and that they are likely to get e-mails or messages about Obama pretending to be from legitimate sources.

Under no circumstance should they follow the link and especially don’t install any flash or other software updates from such sites.

Source: The Register

Posted in: Malware, Social Engineering, Spammers & Scammers


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


One Response to Malware Authors Jumping on the Obama Bandwagon

  1. navin November 6, 2008 at 12:46 pm #

    oh -bama

    after fraudulent calls made to people asking for campaign donations in Obama’s name….it was only a matter of time till online scams started taking effect

    WE NEED CHANGE!! :)