Malware criminals are continuing to attempt to exploit the intense media coverage involving the election of Barack Obama to the U.S. Presidency. A very recent spam run has already hit American online users — now a new and different spam run targeting Latin American online users was also recently discovered.
Spammers have worked some genuine global concerns into their social engineering techniques this time. Obama's election indeed has implications for other nations besides the United States. The spammed messages, written in Spanish, read as follows when translated into English:
Lima – With 297 votes, Barack Obama, the Democrat candidate won the presidential elections in the United States, against the 139 votes from the Republican party led by John McCain. What can Latin America expect about that?
Today the world’s eyes are focused on the United States. Most of them are Latin Americans.
Since the pending free trade agreement debate, until the promise for financial support for the drug traffic fight in Mexico, the list of items related to Latin America that are waiting for the new American president is not short.
The relationships to Venezuela’s Hugo Chavez and to Cuba’s Castro will also determine the way on which the new president of the USA will face with its southern neighbors.
BBC correspondent in Washington Lourdes Heredia talked with advisors of the main candidates when Barack Obama was elected president, to investigate what Latin America can expect on the coming years of his presidential period.
While some points in the message may be valid, the facts end there. A companion video is included in the message body, but embedded there are malicious links which lead to the download of a file detected by Trend Micro as TSPY_BANCOS.EDM.
This info-stealing malware modifies the system registry to turn an infected system into a Web server, which could make an infected computer part of a botnet. It also drops several component files detected as TROJ_BANKER and TROJ_QHOST variants.
Further, it modifies the system HOSTS file to prevent users from accessing certain banking websites. When the victim tries to access one of these websites, a fake login page (identical to the original) is displayed, tricking the user into entering their account credentials. The malware gathers the entered information and sends it to a remote user through an HTTP POST. The Trend Micro Smart Protection Network already detects the malicious file, and provides users with solutions for cleanup and malware removal.
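HOSTS file tampering of the kind described above can be found by auditing the file for banking hostnames that have been pinned to an address. The following Python is an added example, not code from Trend Micro or from the malware; the watch list, function names and sample HOSTS content are constructed assumptions.

```python
import ipaddress

# Hypothetical watch list; replace with the banking domains your users rely on.
WATCHED = {"bank.example", "banco.example"}

# Constructed sample HOSTS content (not taken from the malware described above).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.bank.example bank.example   # constructed redirect
0.0.0.0         ads.tracker.example
127.0.0.1       Login.Banco.Example
198.51.100.7    intranet.corp.example
not-an-ip       www.bank.example
"""

def is_watched(host, watched):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, host, target) for each watched name pinned in HOSTS."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; skip the malformed line
        for host in fields[1:]:
            if not is_watched(host, watched):
                continue
            # Either target is suspicious for a banking name: a loopback
            # entry can still be answered by a web server on the host itself.
            target = "local" if ip.is_loopback or ip.is_unspecified else "remote"
            findings.append((line_no, str(ip), host.lower(), target))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`; a legitimate banking domain should not appear there at all, so any finding warrants investigation.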
The U.S. election season has witnessed several Web threats which range from plain spam to malware attacks:
It seems that until the media frenzy wanes, online users will probably see more attacks coming as cyber criminals are always keen on taking advantage of newsworthy events to achieve their respective goals.