Attackers have set up accounts promoting fake videos

Jan 27, 2009 09:04 GMT

Researchers from web security vendor Websense warn that the website of the President of the United States is being used again to distribute trojans. The social networking component of the site is being abused by attackers who create fake accounts and post links pointing to malware.

Barack Obama and his staff proved particularly skilled at leveraging web 2.0 technology to raise support during the campaign. The fact that the website of the new President of the United States is as active as ever, being ranked 872 in Alexa, shows that this has not been just a temporary set-up to help them win the elections.

The reputable website's features allow Obama supporters to organize themselves in groups and follow local events through an on-line social network available at My.BarackObama.com. However, as with many other social networking services, cyber-criminals have lost no time in trying to capitalize on the popularity of the site, the Websense analysts explain.

According to them, the community blog is the particular feature that is being misused in this incident. After registering fake accounts, the attackers have created various rogue blogs where they promote what they claim to be video files hosted on YouTube. These alleged embedded videos are actually just images of the YouTube video player, which link to an external website.

The external website is by no means YouTube, but a YouTube look-alike page, which promotes more fake videos, mostly adult in nature. Trying to watch such a movie will prompt the download of an executable file, which claims to be a required codec, but is in fact a trojan installer.
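A moderation check for the lure described above, as an added example that is not from Websense or the original article: it flags user-generated posts in which an image is wrapped in a link to a host outside an allowlist. The allowlist, the function and class names, and the sample posts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the platform accepts as targets for image links.
TRUSTED_HOSTS = {"my.barackobama.com", "www.youtube.com", "youtube.com"}


class ImageLinkAuditor(HTMLParser):
    """Record <a href> targets that wrap an <img> and leave the allowlist."""

    def __init__(self):
        super().__init__()
        self._href = None   # href of the <a> element currently open, if any
        self.findings = []  # (link_host, image_src) pairs

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        if tag == "a":
            self._href = attributes.get("href")
        elif tag == "img" and self._href:
            host = (urlparse(self._href).hostname or "").lower()
            # Exact host comparison, so "youtube.com.<other-domain>" does not pass.
            if host and host not in TRUSTED_HOSTS:
                self.findings.append((host, attributes.get("src") or ""))

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def audit_post(html):
    """Return the off-allowlist image links found in one blog post body."""
    auditor = ImageLinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample posts (not taken from the incident).
SAMPLE_ROGUE = (
    '<p>Watch this!</p>'
    '<a href="http://youtube.com.watch.example/v?id=1">'
    '<img src="http://img.example/player.png" alt="video"/></a>'
)
SAMPLE_BENIGN = (
    '<a href="https://www.youtube.com/watch?v=abc"><img src="/thumb.png"></a>'
    '<a href="http://news.example/story">campaign coverage</a>'
)

if __name__ == "__main__":
    for host, src in audit_post(SAMPLE_ROGUE):
        print(f"review: image {src!r} links to untrusted host {host}")
```

Posts with findings are candidates for review or for holding in a moderation queue; text-only external links are deliberately left out of scope here.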

These fake video codec scams are rather common, and we have previously reported several other incidents where diverse on-line services were abused in a similar fashion. Facebook, Google Code, and Picasa Web Albums are just a few of the many popular web resources abused by attackers in the past. However, the Obama website scheme does not end here, researchers warn.

In addition to trying to entice other members of the social network to follow the malicious links, the hackers have employed some SEO tactics, spreading links to the rogue blogs by injecting them into user-generated content on other websites.

This is actually the resurfacing of an older, identical scheme, which was reported on the My.BarackObama website back in May 2008. However, the Websense analysts point out that the new trojan is detected by only 35% of all major anti-virus engines.

“We acknowledge that this has been mentioned before, but now that President Obama has officially been sworn in, and with the new administration's efforts to 'expand and deepen this online engagement,' we can be sure that the frequency and intensity of malicious campaigns aimed at anyone seeking to engage with the President online will only increase,” the Websense Security Labs ThreatSeeker Network warns.