Subscribe
About
  • Home
  • /
  • Computing
  • /
  • Malicious spam says Obama refuses to accept presidency

Malicious spam says Obama refuses to accept presidency

By Schwartz Communications
Orange, California and Basingstoke, UK, 18 Jan 2009

Sensational news headlines proclaiming that Barack Obama is refusing to accept the U.S. Presidency and doesn't want the responsibility of saving a "sinking ship" are fake and part of a malicious spam campaign aimed at infecting computers with the Waledec botnet, say experts from the Marshal8e6 TRACE Labs.

The emails use subject lines such as "Amazing News" and contain text suggesting that Obama has abandoned the presidency or no longer wants to be president. The emails provide a simple link to a look-alike Obama campaign website. The site hosts links to downloadable malware presented to the user as legitimate news headlines. The domains for the fake websites include "greatobama" or "superobama".

"Barack Obama's inauguration is just one day away. Clearly, there is significant public interest in an event as historic and anticipated as this and the spammers are exploiting it. Spammers have used social engineering ploys like this time and time again to entice spam recipients into clicking on links without thinking. These headlines are designed to catch recipients by shocking them with the unbelievable," explained Phil Hay, senior threat analyst for the Marshal8e6 TRACE Labs.

This newest spam campaign from Waledec is an example of what security vendors call a "blended threat." The email itself is not dangerous but the web sites that are linked to are, and in this case, a user is taken to an official-looking but fake Obama campaign web site and enticed into clicking on a news link. This link prompts the user to download a file called "barakspeech.exe", or a similar variant. This file is, in reality, malware.

"The website that these spam messages link to looks official and convincing at first glance. Closer examination reveals numerous spelling and grammatical errors on the site which could alert wary email users that this is a trick. Unfortunately, we expect that many users who are lured to these sites will invariably click on the link and infect themselves," said Hay.

The Waledec botnet is new on the scene and widely considered by Internet security researchers to be the latest creation of the authors of the Storm botnet, which ceased spamming in September 2008. Waledec first appeared in December 2008, according to Marshal8e6, and continues the Storm botnet's modus operandi of distributing malware via URL links under the guise of sensational news headlines and fake greeting cards.

"We advise caution and suggest that email users avoid clicking on any news links relating to Obama's inauguration sent to them via email, especially if the email content seems sensational or unbelievable. If you do make the mistake of clicking on one of these links, avoid downloading anything. Also, keep your browser up-to-date to minimise the likelihood of automatic infection through browser vulnerabilities," advised Hay.

Share

Marshal8e6

Marshal8e6 is a global provider of Web and email security products. We are the only security company able to provide integrated, reliable and effective enterprise-class multi-layered solutions. Our deep expertise in Web and email allows us to correlate real-time threat intelligence to protect organisations from current and emerging threats.

With 20,000 customers and 16 million end users in 96 countries, the company is privately held and based in Orange, California with international headquarters in London and offices worldwide. For more information about Marshal8e6, please visit http://www.marshal8e6.com.

Editorial contacts

Jen Spark or Kristin Amico
Schwartz Communications
(415) 512 0770
Marshal8e6@schwartz-pr.com