A new attack spreading BUZUS malware via Windows Live Messenger has been spotted. Trend Micro advanced threats researcher Loucif Kharouni found the messages spreading via the popular instant-messaging (IM) application, samples of which can be seen below.
The text before the links is in French and tells users to click the link that follows. Some of these links made users believe that they were viewing a photo related to an accident that supposedly killed U.S. President Barack Obama. Others used domain names similar to those of legitimate sites like Facebook and YouTube.
Malware attacks using Barack Obama as social engineering bait date back to his 2008 campaign for the U.S. presidency. Previous attacks were seen around his election (for both pharmaceutical spam and spreading malware) as well as around his inauguration.
Trend Micro™ Smart Protection Network™ protects customers from this threat by blocking user access to the malicious websites that host the malicious files. It also detects and prevents the download of TROJ_BUZUS.BTA and TROJ_BUZUS.BTB via the file reputation service.