Hackers spread malware with 'Hilary Clinton' spam
Criminals 'skittish' of messing with political process -- so far
February 15, 2008 12:00 PM ETComputerworld - Cybercriminals may have weighed risk and reward and figured that the first isn't worth the second if they try to exploit the 2008 U.S. presidential campaign, a security researcher at Symantec Corp. said today.
At least for now.
"We've now seen just two instances of spam using political candidates to spread malicious code," said Oliver Friedrichs, director of Symantec's security response team and a writer on electoral cybercrime. "I think [hackers] are still a little skittish. The high visibility of the federal elections makes them cautious about stepping into it."
Earlier this week, researchers at both Symantec and McAfee Inc. reported a spam run that tried to trick users into downloading a Trojan horse posing as a video of Sen. Hillary Rodham Clinton (D-N.Y.) supposedly shot before Tuesday's Virginia primary. "Hilary [sic] Clinton visited her campaign headquarters in Virginia and did satellite interviews, looking beyond Tuesday's trio of contests and touting the importance of a March 4 vote in Ohio," the bogus e-mail read. "Full video. Download it now!"
Users who clicked the embedded link, however, were faced with a file pegged "mpg.exe." That file was actually a downloader, which in turn retrieved and installed the "Srizbi" Trojan horse -- malware that turns Windows-running PCs into spam-spewing bots.
The other example of what Friedrichs has called "electoral cybercrime" was a late-October 2007 spam blast ostensibly promoting Rep. Ron Paul (R-Texas) and his campaign for the Republican Party nomination. More than a month after that attack, which had links to the Srizbi Trojan horse like the Clinton one this week, researchers at SecureWorks Inc. linked the spam to a Ukrainian botnet.
McAfee researcher Alex Hinchliffe drew a line between this week's Clinton spam and the Russian Business Network, a notorious hacker and malware hosting network once based in St. Petersburg, Russia.
Although Friedrichs had speculated last year that the 2008 presidential campaign would see an increase in electoral attacks -- especially phishing attacks -- over the number that occurred in 2004, when there were just two reported cases, that hasn't happened yet.
Friedrichs offered a possible explanation. "The scale of an election is such that any potential disruption will clearly gather all the strength of all law enforcement," he said.
"But they haven't been afraid of phishing charities," Friedrichs said, citing the aggressive identity-theft attacks that exploited the aftereffects of Hurricane Katrina in New Orleans and the Gulf Coast states. "Maybe it's just too early. Maybe we'll see more [phishing] after the primaries are over."
A lot of money will be at stake. The campaign of Sen. Barack Obama (D-Ill.) raised $28 million online in January alone, according to news reports.
"That's a substantial amount of money. And clearly any sense of conscience or caution [on the part of hackers] might just go out the window," said Friedrichs.
Read more about security in Computerworld's Security Knowledge Center.
Hilary Clinton
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

