Malware Piggybacks on Obama Win
Cyber criminals are blasting out massive amounts of spam touting a video of President-elect Barack Obama's victory speech. Recipients who click the included link are taken to a site that prompts visitors to install an Adobe Flash Player update. The bogus update, however, is actually a data-stealing Trojan horse.
The messages, with subject lines such as "election results winner," "the new president's cabinet?", and "fear of a black president," direct recipients to a site featuring a picture of Obama beneath an official U.S. government seal and the domain name america.gov (the real domain names used to host these fraudulent sites appear to differ from message to message). Beside Obama's visage is an embedded video player that reads "loading player." A few seconds after the site loads, the visitor is prompted to download the malware, disguised as "adobe_flash9.exe".
Anti-virus firm Sophos says this piece of malicious software represents as much as 60 percent of all the malicious spam seen in their labs today. According to an analysis by computer security software maker F-Secure Corp., the malware is a data-stealing Trojan horse that uses a rootkit to hide itself on the host PC.
Patrik Runald, chief security advisor at F-Secure, said detection of the malicious plug-in by various anti-virus engines is sorely lacking at the moment. According to a scan of the malware at Virustotal.com -- which checks any submitted file against three dozen anti-virus products -- only 14 out of 36 products detected the file as hostile.
"This is not a big surprise, but it was done relatively quickly [after the election]," Runald said of the e-mails advertising the malware sites, which first went out around 10 a.m. PT today. "I'd say this will be fairly successful, given that a lot of people are interested in the election, obviously."
If you receive any of these messages, please just delete them. While it's ironic that this scam purports to offer the latest, most secure version of Flash, this kind of ploy is further evidence of why it's always a good idea to avoid updating your software and browser plug-ins from anywhere but the software vendor's official Web site.
November 5, 2008; 2:12 PM ET