Fake Obama News Sites Abound

[Peaches]

Jan18

Fake Obama News Sites Abound

by Jake Soriano (Technical Communications)

img {max-width:650px;width: expression(this.width > 650 ? 650: true);border-style:none; } Earlier this week, we blogged about the range of Web threats that would take advantage of Barack Obama’s inauguration on the 20th. We mentioned fake news as a possible social engineering ploy and cybercriminals did not disappoint. They were a little early in fact: Trend Micro Advanced Threats Researcher Paul Ferguson discovered bogus websites with headlines like Barack Obama has refused to be a president and links that lead to malicious executables.

Trend Micro detects some of the binaries (with file names like barack.exe and baracknews.exe for maximum effect) as WORM_WALEDAC variants - the same malware family that featured prominently in a spamming and malware operation just after New Year’s and which researchers believe is associated with bot giant Storm. WORM_WALEDAC variants are also notorious for their information-stealing routines.

Some of our detections include WORM_WALEDAC.KAX, WORM_WALEDAC.AE, WORM_WALEDAC.AH, WORM_WALEDAC.AG, WORM_WALEDAC.AD, WORM_WALEDAC.AL, TROJ_AGENT.DOZZ, TSPY_BANKER.BFE, TROJ_DLOADER.XGZ, BKDR_KRYPTIK.AB.

These malware are mostly hosted on domains that contain Obama-related key words. We found crafted web sites where all links lead to malware."

Story & screenshots: http://blog.trendmicro.com/