Kaspersky Lab detects spam mailings exploiting US presidential inauguration
21 Jan 2009
Kaspersky Lab, a leading developer of secure content management solutions, warns users of a surge in malicious spam messages.
As of Saturday 17 January, Kaspersky Lab’s content filtration laboratory has been detecting a surge in malicious spam messages stating that Barack Obama’s inauguration on 20 January could be cancelled. A number of sensational reasons are given in the emails with a link to a website that supposedly gives more details. Almost all the site domain names contain the new president’s name and are similar to Obama’s campaign sites.
The links in the emails direct to malicious websites where users are enticed into clicking on a news link that downloads an .exe file to the user’s computer. According to Kaspersky Lab’s malware classification, the malicious program is an email worm and is detected as Email-Worm.Win32.Iksmas. The corresponding record was added to Kaspersky Lab’s antivirus databases on 17 January. In addition, the heuristic analyzer integrated into the company’s products alerts users to the file and blocks attempts to download it.
“The inauguration of the US president is one of the most hotly discussed topics around the world. Any piece of news arouses a great deal of interest. It appears that spammers have decided to exploit the presidential theme to attract as much attention as possible. This is yet another example of spammers and virus writers working together, making clever use of social engineering techniques,” says Tatyana Kulikova, a senior Kaspersky Lab spam analyst. “They have created lots of similar sites, but all of them contain the same malicious file.”
Kaspersky Lab recommends all its users to be very careful when visiting unknown sites and to update antivirus databases regularly.