Incident Response, Malware, Network Security, TDR

Barack Obama site hosting trojan

President Obama supporters wanting to view videos made by other fans of the newly inaugurated leader might soon find themselves infected with a virus.

Researchers said this week that malicious individuals have been creating bogus accounts at, a social networking site where supporters of Obama can interact and create their own blogs.

The fraudsters are embedding fake YouTube videos into their blogs, according to a Monday blog post from Websense. Attempting to play the video redirects users to another website, where they are notified that they must download a codec to view the video. Agreeing to download the codec actually initiates the installation of a trojan.

According to Websense, the cybercriminals aren't just sitting back and waiting for users to find their malicious blogs on the popular Obama site. They're also promoting them all over the web by placing the links into blog comment forms and other web 2.0 user-generated content -- that way, the pages return higher on search results.

Websense said that, as of Monday morning, the malicious code was being detected by 35 percent of the major anti-virus vendors.

The people behind the attack are quite sophisticated and update their code very frequently to evade anti-virus detection, Dan Hubbard, Websense's CTO, told Tuesday.

This is another example of the crooks taking advantage of the Obama administration's penchant for technology, experts said.

“Now that President Obama has officially been sworn in, and with the new administration's efforts to ‘expand and deepen this online engagement,' we can be sure that the frequency and intensity of malicious campaigns aimed at anyone seeking to engage with the president online will only increase,” the Websense blog said.

This is not the first time cybercriminals have crafted their exploits based on the popularity of Obama. Last week, users were being lured to a number of sites that resembled the president's official homepage, but the links acutally led to the download of the Waledac trojan.

A Symantec MessageLabs intelligence report released this week noted that sites that allow user-generated content have grown enormously during 2008. The report said cybercriminals have had success with exploits on these websites by uploading malicious content and luring users to activate it.

A represenative for the Obama site could not be reached for comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.