Sponsored By

Botnet Uses Inauguration To Fool Users Into Downloading Malware

Waledac Trojan turns PCs into botnet zombies, researchers say

Dark Reading Staff

January 21, 2009

2 Min Read

Researchers today have been warning users to stay away from a malware-bearing attack that appears to come from Barack Obama's Website.

According to a report from researchers at PandaLabs, the botnet-controlled, fast-flux operated malware campaign operates from a fake Website that looks exactly like Obama's site.

Researchers at Symantec say the attacks are an attempt to recruit zombies for the botnet known as Waledac, which many experts believe to be a reincarnation of the infamous Storm botnet.

The fake site attempts to bait users into clicking on a news link that says Barack Obama has refused to be president. "Barack Obama's inauguration that was planned on 20th January 2009 is under the threat of failure," the site says. "On the eve of Inauguration Day President-elect Barack Obama made a statement. He declared that he is definitely NOT ready for this position. Analysts say that Barack Obama has refused to be next president because he recognized inconsistency of his plan of stimulating USA economy."

When the user clicks on the link, the malware, called W32\lksmas.A.worm, begins to download all of the necessary files needed to host the fake site on the victim's computer, Panda researchers say. Most computers that have been compromised are likely to end up as zombies hired by hackers and will be used as "legitimate servers" for sending spam or launching denial-of-service attacks, they say. A similar campaign using Obama's name was carried out in November.

The attack, which has been found on at least 40 Websites, appears to have originated from China; the domains were purchased from a Chinese domain registrar called Xinnet Technology Corp., which has a history of abuse problems, PandaLabs says.

Researchers at another security company, AppRiver, said they saw more than 150,000 attempts to send out the fake Obama site spam yesterday.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights