January 27, 2009

Malicious links on President Obama's website

First it's fake Barack Obama websites spreading malware now the REAL BarackObama.com website is responsible for pushing the stuff. To be clear, it's not President Obama's people pushing it, it's a registered user of their site. Attackers are using one of the sites features called Community Blogs to place malicious links on the site.

A recent attack that I looked at featured what appears to be a embedded video but when you click it you are redirected through a couple different sites finally to a site selling rogue/fraudulent security software and trojans.

Another unfortunate example of the dangers of Web 2.0 and while this technique of using blogs to spread malware is not new (Google dev site, Twitter, 2005, German Wikipedia) I expect to see it grow in popularity due to how effective it's proving. Oh joy.

More...
http://news.softpedia.com/news/Barack-Obama-039-s-Website-Used-to-Push-Malware-102977.shtml
http://securitylabs.websense.com/content/Blogs/3284.aspx

January 19, 2009

Fake US Presidential Inauguration and Obama Websites

Fake Barack Obama blogs and websites are being used to infect computers with a worm called Waledac. This worm appears to be from the same makers of the Storm worm according to several in the security community including Jose at Arbor Networks.

An example is hxxp://www.bestbaracksite.com/
(WARNING: Malicious site).

When visiting the site visitors see graphics and blog entries that look real and while they read the entries silently a drive-by install is placing malicious code on their system. All the links on the website point to a malicious EXE download as well. This site, by the way, is using "fast flux" DNS to avoid takedown and appears to be hosted on a botnet as some of the IPs appear to be home DSL/cable modem customers.

With the US presidential inauguration tomorrow I expect to continue to see a rise in this type of attack and recommend you check your web proxy logs for any domains with the following words in them:

barack
obama
presidential
inauguration

January 12, 2009

Guide to Protecting Yourself on Facebook

There is a great guide about how to protect yourself on Facebook written by a friend and security colleague of mine, Tom Eston. Tom has alot of experience researching social networking and has some really great tips that could be applied to Facebook or any social networking site.

Highly recommend you check this guide out and send it to your friends and family. Get it from his blog here:
http://spylogic.net/item/370