The U.S. presidential elections turned out to be not only an
opportunity for Americans to express their choice, but also an opportunity
for hackers to spread Trojans. According to a report by SophosLabs, the day
after the victory of Democrat Barack Obama officially became not Obama
Day, but Malware Day.
Malware authors began sending spam to Internet users all
over the world, inviting them to click on a link to either see the election
results news page, or watch a video of Barack Obama’s win. Instead,
the link prompted users to install a so-called update for their Adobe Flash
Player in order to watch the video. Sophos identified the file as a piece of
malware called Mal/Behav-027, and said it would continue to monitor the
activity of the cybercriminals behind the attack.
In addition, Sophos reported yet another attack,
also revolving around information about Barack Obama, namely a rogue website
that was being returned in the sponsored links of a search engine’s results
when users searched for any information about Obama. Users who clicked on the
link were also prompted to download a file, which was supposedly “100% checked
by Antivirus.” The result would have ultimately been the launch of a PDF file
that contained an exploit in Adobe Acrobat Reader. Fortunately, the malicious website
no longer appears in the search results.
Following the malware spam attack mentioned earlier, Sophos
found another suspect file – BarackOb.exe – just another way for
cybercriminals to exploit people’s interest in United States
president-elect Barack Obama. According to Sophos, almost 60 percent of the spam reported
on the day after the elections was Obama-related.
“The hackers are taking advantage of Obama-mania,” explained
Graham Cluley, senior technology consultant for SophosLabs. Obama is now the
most famous person in the world, he said, and people’s interest in him goes
beyond all boundaries. It’s a global phenomenon that cybercriminals stood in line
to exploit.
Another security research report, this time released by
Websense, also discussed the infamous Trojan that was supposedly downloading
an update for Adobe Flash Player, as well as increased activity in
registering domains to host malware and fake sites. As Dan Hubbard, vice
president of Websense, told Computerworld, the hackers are very coordinated. He also
said there’s evidence that they’ve planned all this, and waited for the
election results to start the attacks.
While it remains hard to assess how many
computers have been infected by now, the number is expected to be a
significant one. Users are advised, as always, not to click on suspicious links
or download suspicious applications, and to always keep their security software
up-to-date, in order to prevent their computers from being infected or their
personal data from being stolen.