Fake Obama sites prey on inauguration by distributing trojan

Share this article:
Updated Tuesday, Jan. 20, 2008 at 2:19 p.m. EST

Barack Obama was sworn in as president on Tuesday, but a new malware campaign wants you to believe otherwise.

Users are being lured to a number of malicious sites that look like Obama's official homepage but contain bogus news stories such as “Barack Obama refused to be the president of the United States of America” and “There is no president in the USA anymore.”

When the user clicks on one of the links, the malware -- identified as the Waledac trojan -- begins to download the necessary files to host the attack on the victim's computer, Ryan Sherstobitoff, chief corporate evangelist for Panda Security. told SCMagazineUS.com on Tuesday.

The goal of this exploit to build a bigger botnet, Fred Touchette, senior security analyst at anti-spam firm AppRiver, told SCMagazineUS.com.

“It could be pretty dangerous," he said. "The site is an exact mirror of the official Obama-Biden site."

Users are being lured to the site through a spam campaign that has been crafted to contain legitimate-looking news stories about the Obama inauguration, researchers said. The messages aim to lure users into clicking a link contained in the message, which sends users to the fake site.

Spammers and malware authors use any significant social event to entice users to follow links sent out through email, Ryan Barnett, director of application security research for Breach Security told SCMagazineUS.com Tuesday.

"In this case, any fake headlines about the Inauguration will be a hot lure right now," Barnett said.

There are a couple of steps needed to become infected — users must click a link in their email, click on one of the links on the site, download the malicious executable and execute it, Touchette said

The attack appears to originate from China and there are about 75 domain names associated with the Waledac trojan, according to a PandaLabs blog post. Online watchdog, the Shadowserver Foundation, has posted a full list of the domains that are associated with the malware and encourages users to block or avoid them.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.