Report: Cybercriminals Exploit Obama Victory

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

<strong>San Diego, Calif. &mdash; Nov. 5</strong><br />Websense Inc., a global provider of Web, data and e-mail security solutions, reported that the Websense Security Labs ThreatSeeker Network has discovered cybercriminals seeking to capitalize on the results of the 2008 U.S. presidential election with a mass malicious e-mail campaign. <br /><br />Attackers are sending several variations of malicious email lures throughout the world directing recipients to click on links to view videos showing an interview with the advisors to the U.S. President-elect Barack Obama or view a portion of his acceptance speech. Clicking on the links directs users to malicious Web sites that infect them with information-stealing malware. <br /><br />In some variations of the e-mail attack, cybercriminals are using well-known publishing names such as Time magazine and La República (Peru) in the e-mail subject line to encourage users to click on the links. Websense Web security and e-mail security customers are protected from these attacks. <br /><br />”The U.S. election has been closely watched by people worldwide making it an ideal topic to use as a lure by cybercriminals seeking to steal information from unsuspecting victims,” said Dan Hubbard, chief technology officer at Websense. “We are seeing many variations of this attack and the numbers of e-mails are growing by the thousands by the hour.” <br /><br />Some of the e-mail attacks contain links to a file called &ldquo;BarackObama.exe,&rdquo; which is hosted on a compromised travel site. The file is an information-stealing Trojan horse downloader. Upon execution, files called “system.exe” and “firewall.exe” are dropped into the victim&rsquo;s system directory, and a phishing kit is unpacked locally, dropping files bound to startup. The &ldquo;hosts&rdquo; file is also modified. <br /><br />In another variation, victims that click on the link go to a purposely registered domain that advises them to install the latest version of Adobe Flash player before the video can be viewed. The malicious Web site actually links to a file called &ldquo;adobe_flash.exe&rdquo; that is really a Trojan horse packed with ASPack. Upon execution, a rootkit is installed on the compromised machine, and the victim&#39;s data is sent to multiple command and control servers. <br /><br />All Websense solutions are powered by the Websense ThreatSeeker Network that continuously monitors the Internet for changes and emerging threats such as the current attack. The resulting intelligence is immediately incorporated into the company&#39;s Web, data and e-mail security solutions. As a result, Websense solutions adapt to the rapidly changing Internet threat environment at speeds not possible by traditional security solutions. <br />

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|