A worldwide malicious e-mail campaign is using sensational “news” about U.S. President-elect Barack Obama as bait to steal the financial information of recipients.
There are two different e-mails being distributed, according to Dan Hubbard, chief technology officer at San Diego, Calif.-based Websense Inc.
The first one – written in Spanish – originates in South America and uses phishing techniques to trick users.
It contains an unsafe link to a phony article on the effect Obama’s victory will have on South America. Users who fall for the trick and click on the link are redirected to a fraudulent banking site that steals their personal and financial information if they log in.
The second e-mail, which is more complex, has been created by a group that Hubbard believes is quite proficient in this sort of scam. Written in English, it may include a reference to Time Magazine or La Republica (a publication from Peru), and what appears to be an embedded video of Barack Obama.
When you click the “Play” button on the video, it asks you to update your Adobe Flash video player, then installs malicious code designed to steal information. The installed rootkit then sends important data on your computer to servers operated by the gang.
The e-mails may also contain a link to a file called “BarackObama.exe” that is, in actuality, a Trojan horse. The file is dropped onto the system and modifies it.
“We’ve had millions of e-mails about the second threat,” Hubbard said. “It appears to be more complex and widespread, and is more sophisticated on the infrastructure side.”
He said the gang conducting the campaign seems to be using multiple servers and keeps changing their location. “They are constantly being taken down and put up somewhere else.”
SophosLabs said the malware represents approximately 60 per cent of all malicious spam seen in their labs on Wednesday. SophosLabs is a global network of researchers and analysts affiliated with U.K.-based security company Sophos Plc.
A big reason why this latest e-mail scam is so widespread is the popularity of this year’s American election, Hubbard said.
“This year’s election has been covered very well internationally, in comparison to the past,” he said. “Not too many South Americans would have clicked on a lure about the 2004 election, but the world has been watching, allowing hackers to cast a wider net this time.”
Hackers will abuse any event with worldwide media coverage, he said. The Olympics or a natural disaster would be other examples.
Graham Cluley, senior technology consultant at Sophos, said people are more likely to click on a link if the lure involves a world figure.
“I imagine most people in America wouldn’t care about a video of Gordon Brown, but with Barack Obama, we are interested because he has great influence over us all.”
There are a variety of threats out there, he said, but timing is everything. “There’s certainly a lot of presidential material at the moment, because they know people are prepared to click on it.”
Of course, this isn’t the first time hackers have taken advantage of the election.
Earlier this year, hackers broke into Republican vice-presidential candidate Sarah Palin’s e-mail inbox.
A message claiming Obama had been filmed in a sex video was used to lure Windows PC users and infect their machines, Cluley said.
And a new e-mail scam began to circulate Thursday using sensational claims about Obama and former running mate John McCain.
Thousands of users are receiving spam with subject lines claiming John McCain has suffered a heart attack or that Barack Obama has been shot.
When opened, these e-mails lead to ads for a Canadian pharmaceutical company selling Viagra.
“It’s a pretty sick trick,” Cluley said, “but cybercriminals don’t care, they will do anything to get people to click on links or open their e-mails.”
Matt Sergeant, senior anti-spam technologist at MessageLabs, said an overwhelming majority of pre- and post-election spam campaigns include references to Obama.
Ninety-five per cent of spam campaigns before the election referenced Obama, while only five per cent referenced McCain. “We’re seeing the same sort of things post-election – not exactly the same subject lines, but variations referencing Obama and the victory,” Sergeant said.
“Certainly what’s interesting is they’re not selling anything political in these e-mails. They’re related to pharmaceuticals, regular gifts, or a variety of unrelated things.”
Hubbard at Websense said the volume of Obama malware will eventually decrease, but something else will pop up in its place – whether it is the upcoming American Thanksgiving holidays, Christmas or a natural disaster.
He said the best practice for avoiding a phishing or e-mail scam is not to click on links in e-mails if you don’t know who the sender is.
“If there’s a major news story, it will be on CNN or BBC, you don’t need to follow a link from your e-mail, go to the proper site.”