Hackers leverage Obama win for massive malware campaign
Attacks account for 60% of all malicious spam today, says one researcher
Computerworld - Hackers have seized on the results of the U.S. presidential election to launch a major malware campaign that tries to trick users into installing an update to Adobe Systems Inc.'s Flash, but actually plants a Trojan horse on unprotected PCs, security experts warned today.
The malware blitz stems from spam messages touting Sen. Barack Obama's victory last night, and offers up a link to what is supposedly a site sporting election results. When users click on the link, however, they're shunted to a fake site that demands the user install an update to Adobe's Flash Player before viewing a video.
Rather than a Flash update, what's actually downloaded is a Trojan horse that compromises the PC then floods the machine with more malware, said Dan Hubbard, vice president of security research at Websense Inc. "This is very coordinated," said Hubbard of the Obama-themed attacks, "with evidence that they planned this, then waited for the election results."
According to Hubbard, the hackers registered 15 to 20 domains yesterday to host the malware and fake site. All the domains are on so-called "fast flux" servers, Hubbard added, referring to the practice in which criminals rapidly switch domains between multiple IP addresses. Identity thieves often use the fast-flux tactic as a way to stay ahead of the law and prevent their servers from being shut down.
Hubbard called the attacks "the largest malicious e-mail campaign going," adding that Websense had tracked 100,000 individual copies of the scam message so far today.
Meanwhile, rival researcher Graham Cluley at Sophos PLC said his company put the volume at 60% of all the malicious spam on the Internet. "This is taking advantage of 'Obama mania,'" said Cluley, a senior technology consultant at the U.K.-based security firm. "He's easily the most famous person on the planet, and the fascination with him isn't just in the U.S. It's global."
Both Hubbard and Cluley noted that the attacks are nearly identical to previous campaigns that have tried to dupe users into installing a file posing as a video codec or player program. Last August, for example, several massive campaigns lured users to malware-hosting sites by promising video clips from the CNN and MSNBC news channels. One of those campaigns tried to convince users to install a fake version of Flash Player, just as the Obama-oriented attacks did today.
"This is just the latest evolution of the campaigns we've seen in the past," said Cluley. "Obama is the hottest celebrity, isn't he?"
Hubbard and Cluley also agreed on one more thing: This is just the beginning of Obama-themed attacks. "You would expect another wave, or a copycat of this, maybe with another fake news story," said Hubbard.
"This is far from the last piece of malware we'll see abusing Obama," Cluley echoed. "Users need to remember not to click on links."
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast Best Practices: How to Improve Business Continuity with Virtualization VMware solutions include a range of business continuity capabilities to help ensure availability for applications across your virtualized environment. Learn More>>
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- Live Webcast
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts