NEWS FROM THE LAB - Saturday, January 17, 2009

Watch Out for Fake Obama Sites Posted by Mikko @ 10:08 GMT

In the middle of all the Downadup-related activity (see below), we're seeing spam runs trying to cash in with the inauguration of Barack Obama next week.

Mails like this have been spammed around the world:

Super Obama Message

If you follow the link (not recommended), you get to a site like this:

Super Obama

All the links point to a file called speech.exe, which is a Waledec malware variant.

The site is hosted via fast fluxing all over the world.

Super Obama

There's plenty of different domains, too. We've seen at least:

   store.greatobamaguide .com
   store.superobamadirect .com
   www.greatobamaguide .com
   www.greatobamaonline .com
   www.superobamaonline .com