Fake sites spreading malware claim Obama won't take oath
Bogus news sites serve up Waledec, successor to 2008's Storm
Computerworld - Sites claiming that President-elect Barack Obama will refuse to take the oath of office on Tuesday are serving up attack code believed to be programmed by the same hackers responsible for the notorious Storm bot Trojan horse, researchers said this weekend.
According to researchers at several security companies, including F-Secure Corp., MX Logic Inc. and Trend Micro Inc., spam campaigns are in gear that try to trick users into visiting malicious Web sites hosting variations of "Waledec," the Trojan horse thought to be the successor to Storm.
Sam Masiello, vice president of information security at MX Logic, was one of the first to call attention to the attacks, which begin with one-line spam messages such as "Haven't you heard latest news about our president-elect?", "Barack Obama abandoned sinking ship," and "Obama doesn't wany [sic] anymore to be a president."
The links in those messages lead to a legitimate-looking site that resembles the real Obama-Biden campaign site. The fake site contains both bogus and real news stories. At the top of the page is a story with the headline "Barack Obama has refused to be a president" and includes text that reads, "On the Eve of Inauguration Day President-elect Barack Obama made statement. He declared that he is definitely NOT ready for this position."
Clicking on a link to read more of the story triggers a download of an executable file that is in fact a variant of the relatively-new Waledec, according to researchers at Trend Micro and F-Secure.
Waledec has been linked to 2008's Storm by researchers including Joe Stewart, director of research at Atlanta-based SecureWorks Inc. and a leading expert on botnets. Last week, Stewart released a new census of the world's biggest botnets and put Waledec in the No. 9 spot with an estimated 10,000 hijacked Windows PCs under its control.
Waledec, said Stewart, shows all the signs of having been written by the same group, if not the same person, that crafted Storm. "It's so similar that it's unlikely that it's a different group," he said last week, citing the similarity of the messages that start the attacks, as well as the malware's coding.
The Waledec bot first began infecting systems just before Christmas, and it used phony holiday greetings and e-cards -- a tactic also employed by Storm during 2008 -- as bait.
"As is often the case with these new outbreaks, [antivirus] detection is scarce, so be aware of this new tactic," Masiello said in an entry to the MX Logic security blog Friday evening. The Englewood, Colo.-based company was tracking approximately 4,000 fake Obama e-mails per hour on Saturday.
Obama is scheduled to take the oath of office as the 44th U.S. president on Tuesday in Washington. One concern is that the planned live streaming of the event will tax the Internet's capabilities. However, experts have said that they expect no widespread outages as users watch the inauguration on sites such as CNN.com.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Taking Windows Mobile on Any Device Taking Windows applications mobile has many advantages, but the process of identifying a solution is complex. Learn how to solve this complex problem...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Windows White Papers |