NEWS FROM THE LAB - Wednesday, November 5, 2008

US Presidential Malware

Posted by Patrik @ 17:22 GMT

Not a big surprise at all… a spam run distributing malware, referring to Obama's election as the new U.S. President, started this morning (U.S. time).

The e-mail looks like this:

The link points to a website that appears to contain a video; to view it, the user is told to download a "new" Flash player, adobe_flash9.exe (MD5 47c86509a78dc1edb42f2964bea86306).

We detect this as Trojan-PSW:W32/Papras.CL, a trojan that hides itself using a rootkit. The trojan attempts to steal confidential information from the computer and upload it to a server in Ukraine.

Editor's Note: There is in fact a new version of Adobe Flash, version
But you'll want to download it directly from http://get.adobe.com/flashplayer/.

Update: Sunbelt has listed additional subjects used by this spam.
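
As an added example (not part of the original post), the Python below triages web-proxy download events for this lure: it flags the MD5 given above and any Flash-named .exe served from a host that is not adobe.com or a subdomain of it. The log records, the .example hosts, the installer path on get.adobe.com and all function names are constructed assumptions.

```python
import hashlib
import re
from urllib.parse import urlparse

# IoC from the post: MD5 of the fake installer adobe_flash9.exe
KNOWN_BAD_MD5 = "47c86509a78dc1edb42f2964bea86306"
# Assumption: adobe.com is the only trusted source for Flash installers
TRUSTED_SUFFIXES = ("adobe.com",)
FLASH_EXE = re.compile(r"flash[^/]*\.exe$", re.IGNORECASE)

def is_trusted_host(host):
    """True only for adobe.com or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def md5_of_file(path, chunk=65536):
    """Hash a file on disk in chunks so large downloads are not read at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def classify(url, md5=None):
    """Return 'known-bad', 'suspicious' or 'ok' for one download event."""
    if md5 and md5.lower() == KNOWN_BAD_MD5:
        return "known-bad"
    parsed = urlparse(url)
    filename = parsed.path.rsplit("/", 1)[-1]
    if FLASH_EXE.search(filename) and not is_trusted_host(parsed.hostname):
        return "suspicious"
    return "ok"

# Constructed sample records: (client, url, MD5 of the response body or None)
SAMPLE_LOG = [
    ("10.0.0.5", "http://get.adobe.com/flashplayer/install_flash_player.exe", None),
    ("10.0.0.7", "http://video-news.example/adobe_flash9.exe", KNOWN_BAD_MD5),
    ("10.0.0.9", "http://adobe.com.updates.example/flash_update.exe", None),
    ("10.0.0.9", "http://news.example/index.html", None),
]

def triage(log):
    """Keep only the events that need an analyst's attention."""
    results = [(client, url, classify(url, md5)) for client, url, md5 in log]
    return [r for r in results if r[2] != "ok"]

if __name__ == "__main__":
    for client, url, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:10} {client} {url}")
```

The third sample record shows why the host check compares on a dot boundary: a hostname that merely begins with "adobe.com" is still flagged.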