Hackers exploit Obama site to spread malware

January 26, 2009 – 2:18 PM

A social networking site operated by the 2008 Barack Obama campaign is serving up malware to unwary visitors a full week after the tactic was reported, a security researcher said today.

My.BarackObama.com, still active after the innauguration last week of President Obama, is being used by hackers trying to dupe users into downloading a Trojan horse, said Dan Hubbard vice president of security research at Websense Inc.

The criminals have set up bogus accounts on My.BarackObama.com, which provides tools to join groups of Obama supporters, raise funds and create a personal blog hosted on the site, and they used the accounts to post blogs. When a user reaches one of the fake blogs, a YouTube-like video window is displayed; clicking on that video frame takes the user to a malicious Web site packed with pornography.

If the user clicks to view the porn, a message pops up claiming a video codec must be downloaded and installed. The executable file is no codec, but rather a Trojan horse that hijacks the PC.


You must be logged in to post a comment.