According to the company, targeted users first get a spam e-mail proclaiming the Obama win, and it asks users to visit a bogus election results Web site. Users are then asked to download what looks to be a movie to watch Obama's "amazing speech." Instead of a video of Obama's speech in Chicago last night, visitors are instead infected with a Trojan horse/backdoor which can be remotely controlled by the attacker.
In an e-mail to InformationWeek, a Sophos spokesperson also noted that the malware:
• Contains rootkit technology to conceal itself • Is designed to steal information from an infected computer • Also has general "backdoor" functionality • Spies on user's keyboard and mouse inputs and can take screenshots • Looks for passwords
It submits the information it needs to a Web server located in Kiev, Ukraine.
Sophos has more information here, on its research blog.