Super Tuesday malware attack targets US voters

A customer submitted an interesting file to SophosLabs yesterday, and asked us to take a look at it.

Its name was


The White House“Super Tuesday”, as American readers are probably all too aware, is the day when the largest number of American states vote to choose which candidate will run for the job of president in 2012. Barack Obama isn’t facing any opponents in the Democrat party, so all the voting is for Republicans this year.

Sign up to our free newsletter.
Security news, advice, and tips.

We don’t know whether the customer who forwarded us the suspect file was specifically targeted, or whether they were caught in a more widely spammed-out campaign, but if they had made the mistake of opening the file they would have put their Windows computers at risk.

The Trojan horse communicates with a Russian website and has the ability to download further malware. In addition, it installs a file called spoolsvr.exe on infected computers and creates a PDF file called


Super Tuesday 2012 voting information PDF

Presumably this PDF is designed to act as a decoy, as it does not appear to contain a malicious payload itself.

SophosLabs has imaginatively named the malware Troj/ST2012V-A (No prizes for guessing how they came up with that name).

Of course, this wouldn’t be the first time we have seen malware authors exploit a US presidential race. For instance, four years ago we saw an alleged sex video of Barack Obama doing the rounds, and another malware attack which struck within hours of Obama’s election.

Remember to keep your computers patched, and your anti-virus updated. And never forget to keep your wits about you – if you receive a suspicious-looking file out of the blue, don’t fool yourself into believing you can click before you think.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.