The president-elect’s first malware campaign

Graham Cluley

And so it begins.

The tickertape from Barack Obama’s celebratory party has probably not even been swept up yet, but the hackers have wasted no time in launching a malware campaign.

Experts at Sophos have discovered a widespread spam attack, claiming to contain a link to news about the new president.

The emails, which have subject lines such as “Obama win preferred in world poll” and claim to come from [email protected], have accounted for approximately 60% of all malicious spam seen by SophosLabs in the last hour.

The emails claim to be regarding Barack Obama.

Clicking on the link, however, takes internet users to a webpage which insists you download Adobe Flash 9 to view a video of the first African-American president making an “amazing speech”. But it’s not Flash version 9, and this website is not just bogus – it’s downright dangerous.

The website tries to fool you into installing a malicious Trojan horse in order to view a video.

If you install the fake version of Adobe Flash you will actually be infecting your computer with a malicious Trojan horse detected by Sophos as Mal/Behav-027. If infected by it, PC owners could find that their data has been compromised and potentially their identity stolen.

Sophos experts have determined that the malicious Trojan horse incorporates the following characteristics:

  • The malware contains rootkit technology to conceal itself.
  • It’s designed to steal information from an infected computer.
  • It also has general “backdoor” functionality.
  • It spies on the user’s keyboard and mouse inputs and can take screenshots.
  • It looks for passwords.
  • It submits the information it discovers to a webserver located in Kiev, Ukraine.

Users of other anti-virus products are advised to check whether updates are available to protect their computers.

Of course, this is far from the first example we have seen of hackers exploiting the US presidential race. In September I blogged about a hacker who broke into Sarah Palin’s personal email account. In the same month, hackers targeted Windows users with an email claiming to contain a sex video of Barack Obama.

Barack Obama’s first day as US President won’t start until January, but the malware authors are using his image and name right now to steal money from the innocent.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
