Barack Obama becomes the 44th US president after a national elections that featured several notable online threats. Picture taken from CNN.
Media buzz about frontrunners began the US Presidential elections. Then there were the nomination processes for the two primary parties, then the party conventions, the debates and campaigns, and then Barack Obama’s victory on the day of the election itself. Online threats have a different timeline altogether. They involved several other personalities and issues, and had varying levels of danger to systems – from just spam to spambots and malicious programs.
November 2007, Ron Paul Spam. The Trend Micro Content Security Team received several spammed messages campaigning for Congressman Ron Paul. This run was the earliest documented operation related to the presidential elections. It was very timely because it followed Paul’s win in a presidential debate on October 21. The messages did not carry malware. They just informed users of Ron Paul’s stands on issues, particularly the war in Iraq.
February 2008, Hillary Clinton Spam. Spammed messages early in the year claimed Clinton’s visit to the state of Virginia was documented in a video. The link to the video downloads a malware instead, which is capable of recruiting infected computers into a spambot.
April 2008, Barack Obama Spam. Email messages about Barack Obama’s “transsexual affairs” were spammed in April. Evidence of the affair is to be found in the links in the message body, but instead of a video footage users downloaded BKDR_AGENT.ABTQ instead.
Obama-Clinton Cross-Site Scripting. Also in April, users who viewed Obama’s website were redirected to Clinton’s. Researchers were able to reverse this attack, called cross-site scripting, thus exposing bugs on both sites.
August 2008, Paris Hilton for Vice President? Spammers sent messages with subjects telling users that John McCain picked Paris Hilton to be his running mate. The message body contained a picture of the heiress, and a link to the “whole movie” below it. The malicious link led users to two fake antivirus components detected as TROJ_FAKEAV.FP and TROJ_FAKEAV.FW.
September 2008, Obama Survey. Offering $500 gas gift cards to respondents, a spammed Barack Obama survey lured users to the search toolbar program, Webfetti. The webpage was hosted on a legitimate domain but contained a link leading users to ADW_MYWEBSEARCH.
October 2008, Odinga Spam. Ralia Odinga is the incumbent Prime Minister of Kenya. His name was involved in a spam run which was not related to the US elections. However, several untrue news reports early in the year claimed that Odinga is Obama’s cousin. The Odinga spam run was an avenue for the return of the WORM_VOTERAI family via WORM_VOTERAI.N. Variants of the worm were first detected in 2007 during the presidential elections in Kenya.