Spammers Target Obama: Say He Has Quit Presidency

by CXOtoday Staff    Jan 20, 2009

The emails, aimed at infecting computers with the Waledec botnet, carry content to the effect that Obama has abandoned the presidency or no longer wants to be president.


According to experts from the Marshal8e6 TRACE Labs, the email itself is not dangerous, but the web sites that are linked to are. In this case, a user is taken to an official-looking but fake Obama campaign website and enticed into clicking on a news link. This link prompts the user to download a file called "barakspeech.exe," or a similar variant. This file is, in reality, malware. The domains for the fake websites include "greatobama" or "superobama".


"The website that these spam messages link to looks official and convincing at first glance. Closer examination reveals numerous spelling and grammatical errors on the site, which could alert wary email users that this is a trick. Unfortunately, we expect that many users who are lured to these sites will invariably click on the link and infect themselves," said Phil Hay, senior threat analyst for the Marshal8e6 TRACE Labs.


If you do make the mistake of clicking on one of these links, avoid downloading anything. Also, keep your browser up-to-date to minimize the likelihood of automatic infection through browser vulnerabilities," advised Hay.


The Waledec botnet first appeared in December 2008, according to Marshal8e6, and continues Storm botnet’s modus operandi of distributing malware via URL links under the guise of sensational news headlines and fake greeting cards. Storm botnet ceased spamming in September 2008.


Related Links:

New, Improved Anti-Virus for Enterprises