Sunday, January 18, 2009

Fake Obama websites spreading malware

Similar to the eCard spam mails, we are now seeing mails themed around US president-elect Barack Obama that contain links to fake websites. These sites host a malicious executable, which belongs to the same old Storm/Waledac family. One such mail and a fake website (http://donate.superobamadirect.com) are shown in the following screenshots:




These fake sites are hosted using the fast-flux DNS technique, a typical method used by the Storm botnet. The following screenshot shows that the IP address changes frequently:


The VirusTotal scan result for the malware can be found here. An automated analysis by ThreatExpert can be found here.
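
The fast-flux behaviour described above (an IP address that keeps changing between lookups) can be measured from repeated DNS resolutions. The following Python code is an added example, not part of the original post: it profiles constructed passive-DNS style records (placeholder names, RFC 5737 documentation addresses) and flags names whose A records rotate across several networks with short TTLs. The thresholds are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: (unix_time, qname, A record, TTL). Names are placeholders
# and addresses come from the RFC 5737 documentation ranges.
OBSERVATIONS = [
    (0, "flux.example", "192.0.2.10", 60), (0, "flux.example", "198.51.100.7", 60),
    (300, "flux.example", "203.0.113.44", 60), (300, "flux.example", "192.0.2.91", 60),
    (600, "flux.example", "198.51.100.23", 60), (600, "flux.example", "203.0.113.5", 60),
    (900, "flux.example", "192.0.2.200", 60), (900, "flux.example", "198.51.100.150", 60),
] + [(t, "stable.example", "192.0.2.80", 3600) for t in (0, 300, 600, 900)]

# Assumed thresholds for illustration; tune against your own resolver data.
MIN_IPS, MIN_NETWORKS, MAX_TTL, MIN_ROTATIONS = 5, 3, 300, 2


def flux_profile(observations):
    """Summarise, per name, how its A-record set moves across lookups."""
    lookups = defaultdict(lambda: defaultdict(set))  # qname -> time -> {ips}
    ttls = defaultdict(list)
    for ts, qname, ip, ttl in observations:
        lookups[qname][ts].add(ip_address(ip))
        ttls[qname].append(ttl)
    profiles = {}
    for qname, by_time in lookups.items():
        answer_sets = [by_time[t] for t in sorted(by_time)]
        all_ips = set().union(*answer_sets)
        # Distinct /16s approximate how scattered the hosting is.
        networks = {ip_network(f"{ip}/16", strict=False) for ip in all_ips}
        # A rotation is any change in the answer set between consecutive lookups.
        rotations = sum(a != b for a, b in zip(answer_sets, answer_sets[1:]))
        profiles[qname] = {
            "distinct_ips": len(all_ips),
            "networks": len(networks),
            "max_ttl": max(ttls[qname]),
            "rotations": rotations,
        }
    return profiles


def is_fast_flux(p):
    """True when every indicator crosses its (assumed) threshold."""
    return (p["distinct_ips"] >= MIN_IPS and p["networks"] >= MIN_NETWORKS
            and p["max_ttl"] <= MAX_TTL and p["rotations"] >= MIN_ROTATIONS)


if __name__ == "__main__":
    for name, p in flux_profile(OBSERVATIONS).items():
        print(name, p, "FAST-FLUX" if is_fast_flux(p) else "ok")
```

Short TTLs and rotating answers alone also describe CDNs and round-robin load balancing, which is why the check requires the addresses to be spread over several unrelated networks as well.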

2 Comments:

Anonymous Adithya said...

Hey, your blog is seriously intense stuff!! Just put "For smart people only" in the blog description :-P

5:24 PM  
Blogger swatkat said...

@Adithya,
Ha hahaa... If even you say that, what am I supposed to do ;)

6:02 PM  
