Spammer's newest bait: President-elect Barack Obama
Presidential elections catch people's attention the way few other events can. As the Monitor reported this morning, "an estimated 136 million Americans – as many as 66 percent, the most since 1908 – pulled a lever, touched a screen, or filled in a ballot." News networks and websites hauled in huge audiences.
And cyber criminals candy-coated their malware with election-themed snares.
The web-security guards at MX Logic reported this morning that just hours after Obama clinched the election, spammers pounced on the moment. In the first two hours, they had sent out almost 1 million phony email messages that linked to malicious software. The letters claimed to be from news@bbc.com, news@cnn.com, election@usatoday.com, and other seemly legitimate sources, according to MX, and heralded "Barack Obama Wins," "Election Night Results," and "Fear of a Black President."
Here's a sample message:
-----------------------------------------------
Barack Obama Elected 44th President of United States
Barack Obama, unknown to most Americans just four years ago, will become the 44th president and the first African-American president of the United States.
Watch His amazing speech at November 5!
Proceed to the election results news page>>
2008 American Government Official Website
This site delivers information about current U.S. Foreign policy and about American life and culture.
------------------------------------------------
The emailed link directs readers to a dummy site designed to resemble a real news webpage. From there, an alert "alleges that the users must download an updated version of flash to view the video of Obama's speech," MX writes. If users agree, then they end up with a downloaded file that contains hidden malware.
Spammers have mastered this kind of social engineering, attaching their traps to the latest trends. There was even a smaller stream of Spanish-language Obama malware that ran as a "targeted campaign," according to Websense.
So, as always, be careful. Avoid suspicious email links, especially messages with grammar errors, such as the one above. And be even more wary of what you download.
