Trend Micro Advanced Threats Researcher Paul Ferguson has discovered fake websites with headlines like "Barack Obama has refused to be a president" and links that take the user to fake Obama sites which mimic the official Obama website.
Trend Micro has found binaries with file names like barack.exe and baracknews.exe, which belong to the Waledac family of worms that spread more widely after New Year as spam greeting cards. Below is a glimpse of the fake Obama website.
Some of the malware found are:
- WORM_WALEDAC.KAX
- WORM_WALEDAC.AE
- WORM_WALEDAC.AG
- WORM_WALEDAC.AD
- WORM_WALEDAC.AL
- WORM_WALEDAC.AH
- TROJ_AGENT.DOZZ
- TSPY_BANKER.BFE
- TROJ_DLOADER.XGZ
- BKDR_KRYPTIK.AB
These malware samples are mostly hosted on domains that contain Obama-related keywords.
Spam emails are being circulated that contain links to fake Obama websites, causing the download of WORM_WALEDAC.KAX, which steals email addresses and sends the information to multiple IP addresses. This worm also opens random ports on an affected system.
Image Courtesy: TrendLabs, Technet blog