U.S. Presidential Malware - Another Obama Lure
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker™ Network has discovered further activity from malware authors using the news of the U.S. Presidential campaign outcome as bait to attract users into executing malicious executables. So far we have over 25,000 emails through our systems that use the technique described below. In a very quick response to the outcome of the U.S. Presidential attacks we have now seen both localized and globalized attacks.
The email offers news of Barack Obama's speech, recorded the day after the election results were published. Clicking on the link leads the user to a purposely registered domain which advises the user that they need to install the latest version of Adobe Flash player before the video can be viewed. The malicious Web site actually links to a file called 'adobe_flash.exe' with MD5 47C86509A78DC1EDB42F2964BEA86306. This is a Trojan Downloader packed with ASPack. Upon execution, a RootKit is installed on the compromised machine, and data is sent to multiple command and control servers.
Screenshot of email lure:
Screenshot of malicious Web site:
Websense Messaging and Websense Web Security customers are protected against these threats.