Malicious Obama video contains Trojan

By

Just a few hours after Barack Obama was elected as the 44th President of the US, malicious emails are being sent offering a video with his advisors.


Just a few hours after Barack Obama was elected as the 44thPresident of the US, malicious emails are being sent offering a video with his advisors.

Websense Security Labs ThreatSeeker Network has discovered that malware authors are sending emails that promise a video showing an interview with the advisors to the recently elected US President.

The company claim that the email actually contains links to a file called 'BarackObama.exe' hosted on a compromised travel site at hxxp://*snip*.com/web/BarackObama.exe. This file is a Trojan Downloader with MD5 9720d70a5da9ca442ecf41e9269f5a27.

Upon execution files named system.exe and firewall.exe are dropped into the system directory. A phishing kit is unpacked locally, and the dropped files are bound to startup. The hosts file is also modified.

The Trojan downloaders are not being detected by major anti-virus vendors according to Websense, though its own Websense Messaging and Websense Web Security customers are protected against these threats.

Carl Leonard, “This is an email lure, we saw two alerts sent out yesterday so the spammers have reacted to the news of the US elections. The first one was a localised attack that was aiming to dupe people from the Latin America region which was passed off as an interview with Obama's advisors.

"The second attack was a from a phishing attempt to get banking information which claimed that you had to update to the latest Adobe flash player. When this is downloaded is opens a ‘phishing kit' that sets your machine up to work as a phishing website.

"It also scans your firewalls and sends compromised data out so you are acting as a scam website, when you access a banking website it sends your information back to the command centre. This is all hidden by the Rootkit which disguises the malware on your computer.

"This is very current, timely and topical as we saw tens of thousands of emails sent yesterday, and a few thousand sent today, so this is a very short attack that is capitalising on timing and it proves that malware authors do know their audience. We do expect further attacks around the US election theme, possibly when Obama is sworn in on January 20th"

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
containsmaliciousobamasecuritytrojanvideo

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?