Sunday, January 18, 2009

Fake Obama websites spreading malware

As with the eCard spam mails, we are now seeing mails themed around US president-elect Barack Obama that contain links to fake websites. These sites host a malicious executable, and the malware belongs to the same old Storm/Waledac family. One such mail and a fake website are shown in the following screenshots:

These fake sites are hosted using the fast-flux DNS technique, a typical method used by the Storm botnet. The following screenshot shows that the IP address keeps changing frequently:

The VirusTotal scan result for the malware can be found here. An automated analysis by ThreatExpert can be found here.
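The changing-IP behaviour described above can be checked for in resolver logs. The following is an added example, not code from the original post: it scores repeated lookups of one name for fast-flux traits. The domain names, addresses, TTLs and thresholds are all constructed assumptions.

```python
from ipaddress import ip_network

# Constructed observations (not from the post): repeated A-record lookups of
# one name, as (seconds since first lookup, TTL, addresses returned). Names
# and addresses use reserved example/documentation ranges.
SAMPLES = {
    "flux.example": [
        (0,   0, ["192.0.2.15", "198.51.100.7", "203.0.113.40"]),
        (60,  0, ["198.51.100.88", "203.0.113.9", "192.0.2.201"]),
        (120, 0, ["203.0.113.77", "192.0.2.66", "198.51.100.130"]),
    ],
    "stable.example": [
        (0,   3600, ["192.0.2.10", "192.0.2.11"]),
        (60,  3540, ["192.0.2.11", "192.0.2.10"]),
        (120, 3480, ["192.0.2.10", "192.0.2.11"]),
    ],
}

# Illustrative thresholds (assumptions); tune against your own resolver logs.
MIN_DISTINCT_IPS, MIN_DISTINCT_NETS = 5, 3
MAX_TTL, MIN_CHANGE_RATIO = 300, 0.5


def flux_metrics(observations):
    """Summarise how much the answer set moves across repeated lookups."""
    ips, ttls, changes, previous = set(), [], 0, None
    for _, ttl, answers in sorted(observations):
        current = frozenset(answers)      # order of records is irrelevant
        if previous is not None and current != previous:
            changes += 1
        previous = current
        ips |= current
        ttls.append(ttl)
    nets = {ip_network(f"{ip}/16", strict=False) for ip in ips}
    return {
        "distinct_ips": len(ips),
        "distinct_nets": len(nets),       # spread across unrelated networks
        "max_ttl": max(ttls, default=0),
        "change_ratio": changes / max(len(ttls) - 1, 1),
    }


def looks_fast_flux(observations):
    """True when many short-lived addresses rotate across several networks."""
    m = flux_metrics(observations)
    return (m["distinct_ips"] >= MIN_DISTINCT_IPS
            and m["distinct_nets"] >= MIN_DISTINCT_NETS
            and m["max_ttl"] <= MAX_TTL
            and m["change_ratio"] >= MIN_CHANGE_RATIO)
```

Low TTLs and rotating answers alone also describe ordinary load balancing, which is why the check additionally requires the addresses to be spread over several unrelated networks.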


Anonymous Adithya said...

re nim blog bhayankara kachings ri!! Bolg description alli "Buddivantarige maatra" anta haakbidi :-P

5:24 PM  
Blogger swatkat said...

Ha hahaa... Neene hingandre hengappa ;)

6:02 PM  
