Articles

Malware Campaign Uses Obama's Name

The new Trojan horse has accounted for 60 percent of malicious spam in the last hour.

by / November 5, 2008

The polls have been closed for less than 24 hours, and already hackers are launching a new malware campaign. Using the president-elect's name to draw people in, the e-mail messages contain subject lines such as "Obama win preferred in world poll" and claims to be from news@president.com. After the message is opened, there is a link that purports to take the user to news about the new president. Once the link is clicked, the user is prompted to download Adobe Flash 9 to view a video of Obama president making a speech. If the bogus Adobe Flash player is downloaded, a malicious Trojan horse infects the computer.

SophosLabs identified this malware as Mal/Behav-027, and it has accounted recently for nearly 60 percent of malicious spam. Owners with infected computers will find that their data has been compromised, and they could potentially even have their identity stolen. Sophos experts said the malicious Trojan horse incorporates the following characteristics:

  • The malware contains rootkit technology to conceal itself.
  • It's designed to steal information from an infected computer.
  • It also has general "backdoor" functionality.
  • It spies on user's keyboard and mouse inputs and can take screenshots.
  • It looks for passwords.
  • It submits the information it discovers to a Web server located in Kiev, Ukraine.

Users of anti-virus products should check to see if updates have been made to protect against this new malware.