CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 27th, 2009

My.BarackObama.com Infects Visitors With Trojan

A website associated with President Barack Obama is exploited by miscreants in order to distribute Trojans. The new president’s use of Web 2.0 technologies is being misused in a fake video codec scam centered around My.BarackObama.com, an online community for supporters of the new president.

Websense Security Labs has detected that malicious hackers have registered multiple bogus user accounts on My.BarackObama.com (an online community for citizens to rally behind President Obama), in order to spread malicious code around the Web. A My.BarackObama.com social-networking account empowers the user with tools to join groups, raise funds, and even create blogs. The option to create your own blog is a common feature provided by most of the popular Web 2.0 social sites today, driven by user-generated content.

In the Obama campaign, malicious hackers created blogs on My.BarackObama.com with a fake YouTube image, enticing visitors to “Click here to see movie”.

Clicking on the link leads to a Web site using YouTube’s template for viewing online videos, filled with pornography. Clicking on the video to view results in the Web site prompts the browser to download a supposedly required video codec, which is really a malicious Trojan .exe.

The malicious campaign doesn’t end there. Since BarackObama.com is a highly visible, reputable, and popular Web site with almost 9,000 other sites linking to it according to Alexa, malicious hackers have been spraying these BarackObama.com URLs all over the Web by injecting them onto blog comment forms, and various user-generated content management systems. Visitors who double-click on this downloaded .exe will also be infected with a Trojan.

Share this item with others:

More on CyberInsecure:
  • Lenovo Support Website Loads Malicious IFrame, Infects Visitors With Trojan
  • Nobel Peace Prize Website Compromised, Infects Visitors Through Zero-Day Firefox Vulnerability
  • Scareware Malvertizements Approved By Google And Microsoft Ad Systems, Served On msnbc.com, mail.live.com
  • Internet Explorer 0-day Malware Infects Amnesty International Hong Kong Website Visitors
  • SQL Attacks Still Inject Websites Including Government Sites In US, UK

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: My.BarackObama.com Infects Visitors With Trojan

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word