Many have watched the U.S. presidential debate last week, and while whether Barack Obama or Mitt Romney won the discussion is still up for debate among netizens, one thing is certain: the presidential campaign is on its last stretch towards the November 6th elections. One other thing that’s certain? scammers exploiting this to the very end.
Our researchers from TrendLabs have been monitoring in our Smart Protection Network feedback loop. Below is a snapshot of election-related keywords that got several hits to malicious sites:
| Keywords | # of Feedback |
|---|---|
| Obama | 26,559 |
| Romney | 4,519 |
| Elections | 806 |
| 2012 Elections | 358 |
Note that these hits are just for the past three months, and we expect it to increase as Election Day draws near. But what stood out for us is the number of hits for both candidates: apparently, when it comes to the number failed attempts to access a malicious site, Obama gets the users’ (and cybercriminals’) vote.
This shouldn’t come as a surprise, given the incumbent President has had at least four years of pop-culture mindshare under his belt compared to Romney. Remember that as early as right after he won the 2008 elections up to his inauguration, Obama was used in several social engineering baits. Going back to the three-month snapshot, it can be seen that hits to Obama has seen its share of highs and lows, while the increase in Romney was consistent around the period when his candidacy was officially announced in August.
But looking at the type of threats and who the eventual victims were, both candidates are pretty much neck-to-neck. While it is quite obvious that most victims are from the United States and Canada, interestingly, the other top countries include those in Asia and Europe.
Majority of the hits are from disease vector URLs (i.e., those that eventually download malicious files on computers) and spam-related, which was consistent with previous election-related threats.
Majority of the hits are from disease vector URLs (i.e., those that eventually download malicious files on computers) and spam-related, which was consistent with previous election-related threats.
Several malware have also taken advantage of these two candidates, as we’ve seen file names that range from the curious (Drunken Obama.exe, which we detect as ADW_MARKETSCORE), to the somewhat serious (several PDF files like Romney V. Obama Tax Policies.pdf, which we heuristically detect as HEUR_PDFEXP.E). And apart from the malicious mobile apps we’ve seen several weeks ago, based on our feedback, we’ve also seen infections from a relatively old SOHANAD worm, as well as from other AUTORUN malware (those that usually spread via removable drives) with backdoor capabilities, including the following:
So what do these tell us? This reinforces the fact that the bad guys have all the bases covered when it comes to exploiting popular events. Whoever wins come November 6th, end users will end up losing in one way or another if they’re not careful. So keep yourself informed. Get your news only from trusted sources, and make sure to have an Internet security solution installed on your devices.
Leave a reply
