Security Alert: Websense has discovered a social engineering in the US presidential election
September 2008 by Websense
Websense Security Labs ThreatSeeker Network has discovered an emerging email campaign which uses the US presidential election as a social engineering mechanism to install information-stealing code on a victim’s machine. With less than 2 months before the start of the election, emails are circulating with fake news of a sex scandal affecting one of the candidates. Recipients of the email are encouraged to view a video supposedly involving the Democratic candidate Barack Obama. Users who click the link are shown a pornographic video taken from hxxp://homemade*snip*.com/. While the video plays for 14 seconds, malicious applications are installed on the victim’s machine.
The email encourages users to download and run obama-*snip*.exe The MD5 of the Trojan Dropper is 26B861DF715549C537C28E4D60D8D0B7. The pornographic video is ran through Windows Media Player.
The dropper installs 809.exe in the user’s Temporary Internet Files folder. Also a Browser Helper Object (BHO) named Siemens32.dll is registered. This is an information-stealing application that posts data to a compromised Finnish travel site, hxxp://*snip*-hotel.com/