Trend Micro Advanced Threats Researcher Paul Ferguson has discovered fake websites with headlines like Barack Obama has refused to be a president and links that take the user to fake Obama sites which mimick the official Obama website.Trend Micro has found binaries with file names like barack.exe and baracknews.exe which belong to Waladec family of worms that spread more after New Year as spam greeting cards. Below is a glimpse of the fake obama website
Some of the malware found are:
- WORM_WALEDAC.KAX
- WORM_WALEDAC.AE
- WORM_WALEDAC.AG
- WORM_WALEDAC.AD
- WORM_WALEDAC.AL
- WORM_WALEDAC.AH
- TROJ_AGENT.DOZZ
- TSPY_BANKER.BFE
- TROJ_DLOADER.XGZ
- BKDR_KRYPTIK.AB
These malware are mostly hosted on domains that contain Obama-related key words.
Spam emails are being circulated that contains links to fake Obama websites causing the download of WORM_WALEDAC.KAX which steals email addresses and sends the information to mulitple IP addresses. This worm also opens random ports in an affected system
Image Courtesy: TrendLabs, Technet blog
The pathetic grammar of the subject line alone would be enough for me to delete it immediately. Looks like it was written by the same fool who writes those ridiculous penis-enlargement spam messages.
(ow. my brain)
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.