Spammers Leveraging from Hillary’s Election Campaign

On February 14, 2008, Symantec wrote on its Security Response blog about a spam message that is being sent in disguise of Hillary Clinton's election campaign. The blog said that the spam tricks users to download a video, which contains a video of Hillary Clinton's election campaign, but in reality contain Trojan - Trojan.Srizbi - as an attachment.

The subject line, reading "Hillary Clinton Video!!", promises users a video of Hillary's interview during her recent visit to Virginia and gives a link to view the same. As soon as a user clicks on the link, the Trojan gets downloaded onto the desktop of his PC and makes it a source for sending spam.

Symantec said that the link in the spam, which is masked to take off users to the google.com page, actually brings them to a malware site. When Trojan gets installed into a system, it begins to connect with series of URL that are laced with malware. Trojan also helps to download configuration files so that the same spam message can be sent to all the addresses saved in the configuration files. The spam employs rootkit techniques to conceal malicious files, network connection, and registry keys and operates in essential part mode only.

Symantec further revealed that Trojan.Srizbi scraps the Transmission Control Protocol (TCP) or Internet Protocol (IP) so that it can completely sidestep Intrusion Detection System (IDS), firewalls, and systems and network sniffer tools.

Doug Bowers, Senior Director of Anti-abuse Engineering, Symantec, said that the spam targeting Hillary Clinton as its subject matter is the first of its kind and was spotted for the first time on February 14, 2008, as reported by NETWORLD on February 14, 2008.

Doug Bowers further said that this malware containing fake "Hillary Clinton messages" can grow and multiply as November elections are approaching nearby, as reported by SCMagazineUS on February 14, 2008.

Bowers also added that it was predicted quite early by the company (Symantec) that as the election would approach, the spammers rely more on the messages that are socially engineered. The volume of these messages is expected to increase and the names of other members could be used as the election date comes closer.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 2/20/2008