Fake Obama sites prey on inauguration by distributing trojan

Share this article:
Updated Tuesday, Jan. 20, 2008 at 2:19 p.m. EST

Barack Obama was sworn in as president on Tuesday, but a new malware campaign wants you to believe otherwise.

Users are being lured to a number of malicious sites that look like Obama's official homepage but contain bogus news stories such as “Barack Obama refused to be the president of the United States of America” and “There is no president in the USA anymore.”

When the user clicks on one of the links, the malware -- identified as the Waledac trojan -- begins to download the necessary files to host the attack on the victim's computer, Ryan Sherstobitoff, chief corporate evangelist for Panda Security. told SCMagazineUS.com on Tuesday.

The goal of this exploit to build a bigger botnet, Fred Touchette, senior security analyst at anti-spam firm AppRiver, told SCMagazineUS.com.

“It could be pretty dangerous," he said. "The site is an exact mirror of the official Obama-Biden site."

Users are being lured to the site through a spam campaign that has been crafted to contain legitimate-looking news stories about the Obama inauguration, researchers said. The messages aim to lure users into clicking a link contained in the message, which sends users to the fake site.

Spammers and malware authors use any significant social event to entice users to follow links sent out through email, Ryan Barnett, director of application security research for Breach Security told SCMagazineUS.com Tuesday.

"In this case, any fake headlines about the Inauguration will be a hot lure right now," Barnett said.

There are a couple of steps needed to become infected — users must click a link in their email, click on one of the links on the site, download the malicious executable and execute it, Touchette said

The attack appears to originate from China and there are about 75 domain names associated with the Waledac trojan, according to a PandaLabs blog post. Online watchdog, the Shadowserver Foundation, has posted a full list of the domains that are associated with the malware and encourages users to block or avoid them.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

More in News

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.