We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Fake Obama websites contain malicious Trojan

Hackers behind Storm thought to be responsible

The hackers responsible for the Storm Trojan are also thought to be behind a number of websites claiming Barack Obama will refuse to take the oath of office this week, say security researchers.

According to researchers at several security companies, including F-Secure, MX Logic and Trend Micro, spam campaigns are trying to trick users into visiting these websites, which are hosting variations of 'Waledec' - the Trojan horse thought to be the successor to torm.

Barack Obama 200

Sam Masiello, vice president of information security at MX Logic, was one of the first to call attention to the attacks, which begin with one-line spam messages such as 'Haven't you heard the latest news about our president-elect?', 'Barack Obama abandoned sinking ship' and 'Obama doesn't wany [sic] anymore to be a president'.

The links in the messages lead to a legitimate-looking site that resembles the real Obama-Biden campaign site. The fake site contain both bogus and real news stories. At the top of the page is a story with the headline 'Barack Obama has refused to be a president', that includes text, which reads 'On the Eve of Inauguration Day President-elect Barack Obama made statement. He declared that he is definitely NOT ready for this position'.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

Clicking on a link to read more of the story triggers a download of an executable file that is in fact a variant of the relatively-new Waledec, according to researchers at Trend Micro and F-Secure.

Waledec has been linked to 2008's Storm by researchers including Joe Stewart, director of research at Atlanta-based SecureWorks and one of the leading experts on botnets. Last week, Stewart released a new census of the world's biggest botnets, and put Waledec in the No 9 spot with an estimated 10,000 hijacked Windows PCs under its control.

Stewart said Waledec shows all the signs of having been written by the same group, if not the same person, that crafted Storm. "It's so similar that it's unlikely that it's a different group," he said last week, citing the similarity of the messages that start the attacks, as well as the malware's coding.

The Waledec bot first began infecting systems just before Christmas, and used phony holiday greetings and ecards - a tactic also employed by Storm during 2008 - as bait.

"As is often the case with these new outbreaks, [antivirus] detection is scarce so be aware of this new tactic," Masiello said in an entry to the MX Logic security blog. The security company was tracking approximately 4,000 fake Obama emails per hour on Saturday.

Obama is scheduled to take the oath of office as the 44th US president on this week in Washington DC. One real concern is that the planned live-streaming of the event will tax the internet's capabilities. Experts, however, have said that they expect no widespread outages as users watch the inauguration on the web.

See also: Obama and Britney hit by Twitter hack


IDG UK Sites

Best January sales 2015 UK tech deals LIVE: Best New Year bargains and savings on phones, tablets,...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Best Photoshop Tutorials 2014: 10 inspiring step-by-step guides to creating amazing art,...

IDG UK Sites

Apple TV expert tips: get US Apple TV content, watch Google Play, use multiple Apple IDs and more