Hackers leverage Obama win for massive malware campaign
November 5, 2008 (Computerworld) Hackers have seized on the results of the U.S. presidential election to launch a major malware campaign that tries to trick users into installing an update to Adobe Systems Inc.'s Flash, but actually plants a Trojan horse on unprotected PCs, security experts warned today.
The malware blitz stems from spam messages touting Sen. Barack Obama's victory last night, and offers up a link to what is supposedly a site sporting election results. When users click on the link, however, they're shunted to a fake site that demands the user install an update to Adobe's Flash Player before viewing a video.
Rather than a Flash update, what's actually downloaded is a Trojan horse that compromises the PC then floods the machine with more malware, said Dan Hubbard, vice president of security research at Websense Inc. "This is very coordinated," said Hubbard of the Obama-themed attacks, "with evidence that they planned this, then waited for the election results."
According to Hubbard, the hackers registered 15 to 20 domains yesterday to host the malware and fake site. All the domains are on so-called "fast flux" servers, Hubbard added, referring to the practice in which criminals rapidly switch domains between multiple IP addresses. Identity thieves often use the fast-flux tactic as a way to stay ahead of the law and prevent their servers from being shut down.
Hubbard called the attacks "the largest malicious e-mail campaign going," adding that Websense had tracked 100,000 individual copies of the scam message so far today. [...]
This isn't a partisan attack. The criminals doing this are using the Obama theme because at the moment Obama is a world-wide celebrity. Using people's interest in him like this gives them the biggest platform for these attacks.
While I'm not likely to be a victim by watching Obama videos, I still find it creepy. It seems like I'm often asked to update Adobe Flash, and I usually just hit the button without a second thought. Not anymore.
No comments:
Post a Comment