Hackers spread malware with 'Hilary Clinton' spam

Criminals 'skittish' of messing with political process -- so far.

Cybercriminals may have weighed risk and reward and figured that the first isn't worth the second if they try to exploit the 2008 US presidential campaign, a security researcher at Symantec said.

At least for now.

"We've now seen just two instances of spam using political candidates to spread malicious code," said Oliver Friedrichs, director of Symantec's security response team and a writer on electoral cybercrime. "I think [hackers] are still a little skittish. The high visibility of the federal elections makes them cautious about stepping into it."

Earlier this week, researchers at both Symantec and McAfee reported a spam run that tried to trick users into downloading a Trojan horse posing as a video of Sen. Hillary Clinton supposedly shot before Tuesday's Virginia primary vote. "Hilary [sic] Clinton visited her campaign headquarters in Virginia and did satellite interviews, looking beyond Tuesday's trio of contests and touting the importance of a March 4 vote in Ohio," the bogus e-mail read. "Full video. Download it now!"

Users who clicked the embedded link, however, were faced with a file pegged "mpg.exe." That file was actually a downloader, which in turn retrieved and installed the "Srizbi" Trojan horse -- malware that turns Windows-running PCs into spam-spewing bots.

The other example of what Friedrichs has called "electoral cybercrime" was a late-October 2007 spam blast ostensibly promoting Congressman Ron Paul and his campaign for the Republican Party nomination. More than a month after that attack, which had links to the Srizbi Trojan horse like the Clinton one this week, researchers at SecureWorks linked the spam to a Ukrainian botnet.

McAfee researcher Alex Hinchliffe drew a line between this week's Clinton spam and the Russian Business Network, a notorious hacker and malware hosting network once based in Russia.

Although Friedrichs had speculated last year that the 2008 presidential campaign would see an increase in electoral attacks -- especially phishing attacks -- over the number that occurred in 2004, when there were just two reported cases, that hasn't happened yet.

Friedrichs offered a possible explanation. "The scale of an election is such that any potential disruption will clearly gather all the strength of all law enforcement," he said.

"But they haven't been afraid of phishing charities," Friedrichs said, citing the aggressive identity-theft attacks that exploited the aftereffects of Hurricane Katrina. "Maybe it's just too early. Maybe we'll see more [phishing] after the primaries are over."

A lot of money will be at stake. The campaign of Senator Barack Obama raised US$28 million online in January alone, according to news reports.

"That's a substantial amount of money. And clearly any sense of conscience or caution [on the part of hackers] might just go out the window," said Friedrichs.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?