Fake sites spreading malware claim Obama won't take oath
Sites claiming President-Elect Barack Obama will refuse to take the oath of office Tuesday are serving up attack code believed to be programmed by the same hackers responsible for the notorious Storm bot Trojan, researchers said this weekend.
According to researchers at several security companies, including F-Secure Corp. , MX Logic Inc. and Trend Micro Inc. , spam campaigns are in gear that try to trick users into visiting malicious Web sites hosting variations of "Waledec," the Trojan horse thought to be the successor to Storm.
Sam Masiello, vice president of information security at MX Logic, was one of the first to call attention to the attacks, which begin with one-line spam messages such as "Haven't you heard latest news about our president-elect?", "Barack Obama abandoned sinking ship," and "Obama doesn't wany [sic] anymore to be a president."
The links in those messages lead to a legitimate-looking site that resembles the real Obama-Biden campaign site . The fake site contains both bogus and real news stories. At the top of the page is a story with the headline "Barack Obama has refused to be a president," that includes text which reads, "On the Eve of Inauguration Day President-elect Barack Obama made statement. He declared that he is definitely NOT ready for this position."
Clicking on a link to read more of the story triggers a download of an executable file that is in fact a variant of the relatively-new Waledec , according to researchers at Trend Micro and F-Secure.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Obama
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Search-and-destroy Antispyware.
Have you ever tried Search-and-destroy Antispyware? If you answered no, then you should give it a try. Over the years I have used many different types of antispyware and this is one of the best that I have ever tried. I was surprised and delighted to find that I could purchase it for a lower price than I could buy Norton and other similar scans that produce the same results. That makes it even better. Antispyware solution from Search-and-destroy can find the same kinds of bugs as these more expensive programs and is easy to get. Just click here http://www.Search-and-destroy.com and you can see how well it really works for yourself.