After a malware dubbed as the “Obama worm” was found circulating within an Illinois elementary school’s network, security researchers traded opinions on the threat it brings about.
Most reports mainly circulated on the issue of whether the file was malicious or not, considering that it has no malicious payload other than showing the following image of the president:
Figure 1. Image of Barack Obama used in online computer prank
However, we find it more interesting how these reports are leaning towards the conclusion that a student in the affected school may have triggered the “attack,” and that it may have been done through playing around with a malware kit. In analyzing the reports we have come up with following insights:
1. Crediting the incident to a script kiddie may come as no surprise, but the fact that the setting involved is an elementary school makes things different. The idea of a grade school student having the capability of launching such an attack is downright scary. This is a reminder of how easy it can be to obtain tools needed to create a ‘decent’ malware.
2. Also, despite handling relatively non-critical data, it is important to stress that computers in schools need as much protection as with any other computer network. These systems are used by numerous students everyday, thus calling the need for protection from threats.
3. The malware involved in the incident is considered more of a nuisance due to its lack of malicious routines. Still, it pays to see through the “non-malicious” nature of this attack and reveal their potential to be a far more dangerous threat. The Smart Protection Network has accomplished this, initially detecting the code as MAL_OTORUN.
The malicious file is now detected as WORM_KARAB.A.