Fake Obama News Sites Abound


Recommended Posts

Jan18

by Jake Soriano (Technical Communications)

img {max-width:650px;width: expression(this.width > 650 ? 650: true);border-style:none; } Earlier this week, we blogged about the range of Web threats that would take advantage of Barack Obama’s inauguration on the 20th. We mentioned fake news as a possible social engineering ploy and cybercriminals did not disappoint. They were a little early in fact: Trend Micro Advanced Threats Researcher Paul Ferguson discovered bogus websites with headlines like Barack Obama has refused to be a president and links that lead to malicious executables.

Trend Micro detects some of the binaries (with file names like barack.exe and baracknews.exe for maximum effect) as WORM_WALEDAC variants - the same malware family that featured prominently in a spamming and malware operation just after New Year’s and which researchers believe is associated with bot giant Storm. WORM_WALEDAC variants are also notorious for their information-stealing routines.

Some of our detections include WORM_WALEDAC.KAX, WORM_WALEDAC.AE, WORM_WALEDAC.AH, WORM_WALEDAC.AG, WORM_WALEDAC.AD, WORM_WALEDAC.AL, TROJ_AGENT.DOZZ, TSPY_BANKER.BFE, TROJ_DLOADER.XGZ, BKDR_KRYPTIK.AB.

These malware are mostly hosted on domains that contain Obama-related key words. We found crafted web sites where all links lead to malware."

Story & screenshots: http://blog.trendmicro.com/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...