Tuesday February 9, 2010 10:32 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"I too have been a labor voter for many years and will not be voting for them again. The ..."
on Net filter legislation to go public by March
by maxt | Feb 9, 2010 7:56 PM
 
"I’ve just had a user receive a rehashed version of this with an attached html file containing a ..."
on ATO struck by new phishing scam
by Owen Lutz | Feb 9, 2010 6:01 PM
 
"hi"
on Chinese hacker school shut down
by manish kumar | Feb 9, 2010 4:27 PM
 
"Hey 'hey con-roy' ... from Google Australia's head of policy Iarla Flynn"We don't believe that ..."
on Conroy meets with Google for YouTube filtering
by Keep it real | Feb 9, 2010 3:33 PM
 
"@penno Off-site storage is a good solution unless you have some decent backup software to ..."
on Opinion: My holiday tip - backup your data now
by Charmgene | Feb 9, 2010 2:36 PM
Trojan

Malicious Obama video contains Trojan

  • Email a Friend
  • Print Page
Related Articles
By Dan Raywood
Nov 7, 2008 9:59 AM
Tags: Malicious | Obama | video | contains | Trojan
Just a few hours after Barack Obama was elected as the 44th President of the US, malicious emails are being sent offering a video with his advisors.
Just a few hours after Barack Obama was elected as the 44thPresident of the US, malicious emails are being sent offering a video with his advisors.

Websense Security Labs ThreatSeeker Network has discovered that malware authors are sending emails that promise a video showing an interview with the advisors to the recently elected US President.

The company claim that the email actually contains links to a file called 'BarackObama.exe' hosted on a compromised travel site at hxxp://*snip*.com/web/BarackObama.exe. This file is a Trojan Downloader with MD5 9720d70a5da9ca442ecf41e9269f5a27.

Upon execution files named system.exe and firewall.exe are dropped into the system directory. A phishing kit is unpacked locally, and the dropped files are bound to startup. The hosts file is also modified.

The Trojan downloaders are not being detected by major anti-virus vendors according to Websense, though its own Websense Messaging and Websense Web Security customers are protected against these threats.

Carl Leonard, “This is an email lure, we saw two alerts sent out yesterday so the spammers have reacted to the news of the US elections. The first one was a localised attack that was aiming to dupe people from the Latin America region which was passed off as an interview with Obama's advisors.

"The second attack was a from a phishing attempt to get banking information which claimed that you had to update to the latest Adobe flash player. When this is downloaded is opens a ‘phishing kit' that sets your machine up to work as a phishing website.

"It also scans your firewalls and sends compromised data out so you are acting as a scam website, when you access a banking website it sends your information back to the command centre. This is all hidden by the Rootkit which disguises the malware on your computer.

"This is very current, timely and topical as we saw tens of thousands of emails sent yesterday, and a few thousand sent today, so this is a very short attack that is capitalising on timing and it proves that malware authors do know their audience. We do expect further attacks around the US election theme, possibly when Obama is sworn in on January 20th"

See original article on scmagazineus.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
apps attack banking botnet browser company conroy ecards facebook fake filter firefox fraud free google malicious malware mcafee security trojan