Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Symantec Voice of Reason - Online Miscreants Swept Away by Obamania

  • 20 January, 2009 16:05

<p>As anticipation builds around President-elect Barack Obama’s upcoming inauguration ceremony, Symantec Security Response's global sensors have detected a new wave of malicious spam messages trying to capitalise on the popularity of the new President.</p>
<p>A new threat -- W32.waledac -- uses classic social engineering techniques to get unsuspecting users to click on hyperlinks contained within e-mails that lead to another site filled with malicious links. Although W32.waledac is not a high-risk threat, users may be quick to click on a link to get to the fake breaking news, forgetting about potential hazards. Late last year, this same piece of malicious software was used as part of Christmas-related threats.</p>
<p>Symantec's updated blog provides the latest information on inauguration-related threats at Our security experts will continue to collect and analyse data on this topic. If you would like to speak with a Symantec security expert on the topic or to get an update other current threats, please contact:</p>
<p>Angela Coombes
Max Australia
02 9954 3492</p>
<p>Body of the Blog</p>
<p>Online Miscreants Swept Away by Obamania
In previous blog postings, I talked about the politically themed online malicious activity, focusing on what we observed during the recent US Presidential election cycle. Even though the election itself has long since been over, we are continuing to see similar political themes in today’s attacks.</p>
<p>As anticipation builds around President Elect Barack Obama’s upcoming inauguration ceremony, Symantec’s Threat Intelligence team analyzed a new wave of malicious spam messages with a “Presidential theme” that found their way into one of our vast number of global sensors.</p>
<p>The corresponding emails have subjects and bodies like:</p>
<p>Subject: You must look at this!</p>
<p>Our new president has gone</p>
<p>Yours truly,
Dan Harrison</p>
Subject: Breaking news</p>
<p>Barack Obama refused to be the president of the United States of America</p>
<p>Yours Sincerely,
Cecily Lynn
Subject: Breaking news
There is no president in the USA anymore</p>
<p>With kind regards,
Edgar Rouse
Subject: What is going on with our country?</p>
<p>Obama has gone</p>
<p>Yours faithfully,
Rodney Lynch</p>
<p>Each e-mail also contains a hyperlink (redacted above for safety reasons) that, when clicked on, leads the user to a web page.</p>
<p>While the page looks strikingly similar to the official Obama-Biden campaign site, it is actually far different. The site first attempts to exploit weaknesses in your web browser to surreptitiously install malicious software onto your machine. Although, even if your machine is fully patched, the site hopes that your curiosity gets the better of you and each hyperlink on the site points to malicious content. The files you can download from the site take on a variety of names such as usa.exe, obamanew.exe, pdf.exe, statement.exe, barackblog.exe, barackspeech.exe. Don’t let the myriad of names fool you; under the hood, the files are all otherwise identical.</p>
<p>Rest assured that we detect this piece of malicious software under the name W32.waledac. This particular piece of malware is capable, among other things, of:
• harvesting sensitive information on your computer
• turning your machine into a spam zombie
• establishing a back-door on your computer that will allow it to be remotely accessed</p>
<p>Interestingly enough, this same piece of malicious software made the rounds not that long ago using various types of Christmas-related themes to trick its way onto your computer.</p>
<p>This threat continues to demonstrate a well-established practice among today’s attackers, namely to trick you into infecting yourself through the use of enticing messages based on current events.</p>
<p>Political themes play an especially prominent role in today’s online attacks because of their strong appeal among a wide audience. The one thing we can be certain of is that this particular incident is neither isolated nor likely to be the last one we see like it.</p>
<p>As we await what will be a truly historic Presidential inauguration ceremony, don’t let your online safety and sensitive data become history as well!</p>

Most Popular