Malware Authors Love Obama Too


The Register reports that malware creators are already using Mr. Obama’s popularity to distribute the Papras Trojan using spam, social engineering and Google Ads[1].

Users usually receive an email from what seems to be a legitimate news source such as CNN or the BBC, inviting them to watch Barack Obama's speech on its website. The content of the email is the following[2]:

Barack Obama Elected 44th President of United States

Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech at November 5!

Proceed to the election results news page>>

2008 American Government Official Website
This site delivers information about current U.S. Foreign policy and about American life and culture.

And senders are usually:

  • news@cnn.com
  • news@usatoday.com
  • news@online.com
  • news@c18-ss-1-lb.cnet.com
  • news@president.com
  • news@unitedstates.com
  • news@bbc.com

The email contains a link to a fake website, which prompts the users to update their Flash player in order to see the speech. Of course, the update is actually a Trojan.

Screen shots of the email and fake website, from F-Secure[3]:

 

Papras is an information-stealing Trojan that tries to capture logins and passwords, among other data. This Trojan is detected by only 14 of the 36 major anti-virus programs.
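The sender addresses and subject line listed above can be turned into a simple mail-triage check. The following is an added example, not code from the original post or from the cited sources; the sample messages and their link hosts are constructed placeholders, and the `triage` function and indicator names are hypothetical.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Sender addresses and subject line quoted in the post above.
SENDERS = {"news@cnn.com", "news@usatoday.com", "news@online.com",
           "news@c18-ss-1-lb.cnet.com", "news@president.com",
           "news@unitedstates.com", "news@bbc.com"}
SUBJECT = "barack obama elected 44th president of united states"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw):
    """Return the list of indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = sender.rpartition("@")[2]
    hits = []
    if sender in SENDERS:
        hits.append("known-sender")
    if " ".join(str(msg.get("Subject", "")).lower().split()) == SUBJECT:
        hits.append("known-subject")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # The From header is trivially spoofed; a link that leaves the
        # claimed sender's domain is the stronger signal.
        if domain and host != domain and not host.endswith("." + domain):
            hits.append("link-off-domain:" + host)
    return hits

# Constructed samples: the link hosts are placeholders, not from the post.
LURE = """From: CNN News <news@cnn.com>
Subject: Barack Obama Elected 44th President of United States

Watch His amazing speech at November 5!
Proceed to the election results news page>> http://results.example.net/speech
"""
BENIGN = """From: Newsletter <news@bbc.com>
Subject: Weekly headlines

Read more at http://www.bbc.com/news
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(raw))
```

The benign sample matches only the sender indicator, which shows why the address list alone is a weak signal: it needs to be combined with the subject and link checks before a message is quarantined.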


[1] “Obama-themed malware mauls world+dog”, Dan Goodin, The Register, November 5, 2008, http://www.theregister.co.uk/2008/11/05/obama_malware_attacks/ (accessed November 6, 2008)

[2] “Computer Virus masquerades as Obama Acceptance Speech Video”, Gary Warner, CyberCrime & Doing Time, November 5, 2008, http://garwarner.blogspot.com/2008/11/computer-virus-masquerades-as-obama.html (accessed on November 6, 2008)

[3] “US Presidential Malware”, F-Secure, November 5, 2008, http://www.f-secure.com/weblog/archives/00001530.html (accessed on November 6, 2008)

Both U.S. Presidential Campaigns Hacked


Newsweek reports that the computer systems of Mr. Obama and Mr. McCain were both hacked by unknown attackers during their campaigns[1]. Very little information is available, but according to Newsweek, the FBI and the Secret Service claimed that several files from the Obama servers had been compromised by a “foreign entity” in midsummer. The same happened to the McCain campaign.

According to the FBI, documents were stolen by foreign powers (probably Russia or China) in order to gather information for future negotiations.

But the former director of technology for the 2004 presidential campaign of Rep. Dennis Kucinich expressed skepticism about the claims. Henry Poole from CivicActions, a firm that offers Internet campaign consulting services, said “It’s unlikely that either campaign would have stored sensitive data on the same servers that were being used for public campaigning purposes”[2].

It is unclear whether anyone was compromised at all. If so, why would the FBI and Secret Service report such events? Hopefully there is more to come on this…

See also:

“Hackers and Spending Sprees”, Newsweek, November 5, 2008, http://www.newsweek.com/id/167581/page/1 (accessed on November 6, 2008)

“Both US political campaigns got hacked”, Egan Orion, The Inquirer, November 6, 2008, http://www.theinquirer.net/gb/inquirer/news/2008/11/06/both-political-campaigns-got (accessed on November 6, 2008)


[1] “Hackers and Spending Sprees”, Newsweek, November 5, 2008, http://www.newsweek.com/id/167581/page/1 (accessed on November 6, 2008)

[2] “Report: Obama, McCain campaign computers were hacked by ‘foreign entity’”, Jaikumar Vijayan, ComputerWorld, http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Cybercrime+and+Hacking&articleId=9119221&taxonomyId=82&pageNumber=1 (accessed on November 6, 2008)