According to a report from researchers at PandaLabs, the botnet-controlled, fast-flux-operated malware campaign runs from a fake Website that looks exactly like Obama's site.
Researchers at Symantec say the attacks are an attempt to recruit zombies for the botnet known as Waledac, which many experts believe to be a reincarnation of the infamous Storm botnet.
The fake site attempts to bait users into clicking on a news link that says Barack Obama has refused to be president. "Barack Obama's inauguration that was planned on 20th January 2009 is under the threat of failure," the site says. "On the eve of Inauguration Day President-elect Barack Obama made a statement. He declared that he is definitely NOT ready for this position. Analysts say that Barack Obama has refused to be next president because he recognized inconsistency of his plan of stimulating USA economy."
When the user clicks on the link, the malware, called W32\lksmas.A.worm, begins to download all of the files needed to host the fake site on the victim's computer, Panda researchers say. Most computers that have been compromised are likely to end up as zombies hired by hackers and will be used as "legitimate servers" for sending spam or launching denial-of-service attacks, they say. A similar campaign using Obama's name was carried out in November.
The attack, which has been found on at least 40 Websites, appears to have originated from China; the domains were purchased from a Chinese domain registrar called Xinnet Technology Corp., which has a history of abuse problems, PandaLabs says.
Researchers at another security company, AppRiver, said they saw more than 150,000 attempts to send out the fake Obama site spam yesterday.