14 DAY TRIAL // January 20, 2009 marks the inauguration of Barack Obama as the 44th President of the U.S., a day preceded by heavy logistic preparations, on multiple fronts, associated with the ceremony. The event has generated a consistent amount of publicity worldwide, and, in the process, attracted the attention of malware authors who found new fuel to drive their attacks and social engineering schemes. According to Microsoft, fake Obama websites have been popping out ahead of January 20, in an effort to draw in unsuspecting users and to get them infected with malicious code.
“They've almost perfectly mimicked the official Obama website, and registered a bunch of domain names containing their mimicked content. The domain names are usually made up of three words, the second of which is the name Obama. The first may be 'super' or 'great,' the third may be 'direct,' 'online,' or 'guide.' Note that this is based on the samples that we have seen so far, so it's possible that the malware authors may use other word combinations in the future,” Microsoft's Jireh Sanico and Ina Ragragio revealed.
The fake websites focused on Barack Obama have come even to claim that the President elect of the U.S. refused the position days ahead of his inauguration, claiming that he wasn't prepared. Microsoft warned that the links on the malicious Obama webksites were designed to serve the Trojan:Win32/Waledac.A Trojan Horse to users. Once the computers are infected with the malware, users will find that their email addresses are being harvested, while additional malicious code is downloaded.
“This trojan collects email addresses in the system and then posts its gathered information to certain websites. It may also connect to these websites to download and run other malware,” Sanico and Ragragio added. “Once the holiday season was over, the malware authors had to find a way to sustain the spread of their malware. The next big occasion is the Inauguration, so that must have seemed like the logical social engineering technique to use.”