Webroot warns of spoofed presidential campaign sites

Computerworld - The growing use of the Internet as a communication and fundraising medium by presidential candidates has a nasty new doppelganger -- an elaborate, if short-term, revenue stream flowing to online crooks.

Perpetrators are busy setting up spoofed presidential candidate sites designed to lure unwary voters into parting with their money, their personal data or both, according to security vendor Webroot Software Inc.

The sites are designed to look like legitimate candidate Web pages, with solicitations for visitors to click on links, make donations or download screen savers and videos. Those who click on the poisoned links can get infected with a variety of spyware programs and other malware programs, company executives said today.

One such malicious program is a Trojan horse called Zlob; a relatively venerable piece of code, Symantec Corp. identified the same Trojan years ago as Trojan.Zhopa. It's designed to deploy various malware tools capable of giving attackers remote access to a compromised systems, or stealing keystrokes and passwords.

Many of the spoofed Web sites use URLs that take advantage of typographical and spelling errors that a user might make when entering a candidate's Web site address, according to Peter Watkins, CEO of Webroot. Barack Obama and Hillary Clinton appear to be particularly popular choices among those seeking to set up such spoofed sites, he said, probably because people have a harder time spelling their names.

Initially, most of the spoofs involved Obama and Ron Paul Web sites, according to Webroot. But lately, there has been an increase in the spoofing of other candidate Web sites as well.

"What we are seeing is a real explosion in these kinds of sites this year," Watkins said, noting that the 2008 election run-up is the first in which presidential hopefuls have embraced the Web in such a major way.

A substantial portion of the hundreds of millions of dollars that candidates are expected to raise this year is likely to be gathered via the Internet, and criminals want to be in on that action. "Crooks and criminals always follow the money," Watkins said.

It is surprising, he noted, that most of the campaigns appear not to have made the effort to register domain names involving common misspellings and transpositions of their names. Taking that measure would have reduce the potential for crooks to register domains that users could accidentally end up on because they mistyped a word or misspelled a candidate's name.

Read more about security in Computerworld's Security Knowledge Center.