Computer Security Scammers use Obama vs. Romney Campaigns to Spread...

Scammers use Obama vs. Romney Campaigns to Spread Political-Baited Malware Threats

There is no doubt that this year's presidential election will be one to go down in history as one of the closest races. Not to mention, the 2012 presidential election is the most talked-about and blogged subject matter on the Internet and cybercrooks are eagerly waiting to cash in on political baited online threats.

Barack Obama and Mitt Romney, according to recent polls, are almost in a dead heat against one another for being the free world leader for the next 4 years. Also, in a virtual dead heat, is the number of bad URLs related to each candidate when it comes to bad sites targeted to spread malware.

The security researchers at TrendLabs have monitored election-related keywords and have found a large percentage of them to be hits to malicious sites. Despite the actual presidential race being almost a tie between Obama and Romney, President Obama leads the way when it comes to the candidate with the most malicious hits tied to his name. Romney, steadily gaining steam in the bad URL hit count per week (Figure 1. Below), is in second place.

Figure 1. Bad URL Count Per Week July-September 2012 – source: TrendLabs
obama romney bad urls rate chart

When compared to Romney, President Obama has been the leader of the free world for almost 4 years. His name is naturally expected to have a lead over Romney's, especially considering Romney's candidacy was just announced in August of this year. Looking at the type of threats and the potential victims of political baited bad URLs related to 'Obama' keywords, we see that most of them, about 71% according to TrendLabs (Figure 2.), originate from the United States. Romney, on the other hand, was found to be a targeted keyword for bad URLs accounting for only 57% in the USA (Figure 2). That is a difference of 14% between Obama and Romney, when it comes to targeted bad URLs in their home country.

Figure 2. Top 5 Victim Countries of 'Obama' & 'Romney' Bad URLs – Source: TrendLabs
obama romney bad urls keywords country chart

It comes to us as no surprise for the USA harboring the majority of bad 'Obama' and 'Romney' targeted URLs. Afterall, the upcoming election is for selecting the next President of the United States. Contrary to the findings, over 22% of the bad URLs account for other parts of the world including Asian and European countries. The majority of the type of 'Obama' political baited threats was found to be 'disease vector' URLs (Figure 3.), or ones programmed to eventually download malware onto computers. For Romney, disease vector threats account for 64% of bad URLs (Figure 3.). These particular sites could be ones that distribute rogue antispyware or rogue antivirus programs, which we know are designed to conduct aggressive money extortion techniques.

Figure 3. 'Obama' & 'Romney' Bad URLs Distribution By Type – Source: TrendLabs
obama romney bad urls keywords malware types

Digging deeper into the political baited bad URLs, researchers have uncovered several types of specific Worm threats, WORM_VOBFUS.SMAC, WORM_VOBFUS.RU, WORM_MSIL.BR, WORM_SILLY.SS. Many of these threats have been circulated from political baited bad URLs in the form of PDF files and executables (Romney V. Obama Tax Policies.pdf, Drunken Obama.exe). Many of the identified worm threats are known to spread through removable drives possessing AUTORUN functions.

What we can take away from this recent report and findings by researchers, is that the November 6th presidential election will have a real winner and loser while the malware world will gain two winners by exploiting the most talked-about news subject on the planet. It is advisable that computer users be cautious leading up to and after this year's presidential election when it comes to searching the Internet for either candidate.

Loading...