The Latest in IT Security

Of Elections and Shenanigans

06
Nov
2012

Today is that fateful day: Election Day. And we’re not short of seeing shenanigans related to this big event that online criminals and scammers have been taking advantage of for months.

What we have below are just some of what we found surrounding the elections.

First off is a file that goes by the name election card1.exe, and it looks like this:

This is actually a Trojan that VIPRE detects as Trojan.Win32.Rotinom.b (v). Once users double-click this file, it then modifies the affected system’s registry to enable its execution every system startup and hide file extensions among others.

This file could be as a result of scammers hoping to capitalise on voters in cities who can’t physically go to polling stations to vote due to Hurricane Sandy but will resort to voting using email and/or fax. The nature of this threat cannot be more timely.

We’ve also seen something called Romney_Obama_Focus_On_Key_States_on_Final_Lap.zip. When you take a look what’s inside the compressed file, here is what you’ll see:

click to enlarge

Another executable file that uses an icon of a different file, this time posing as a Microsoft Word document file. Funnily enough, when you do execute the file, it indeed calls on both MS Word and WordPad (just in case you don’t have the other) and then shows you a .DOC article about Mitt Romney and President Barrack Obama:

click to enlarge

The document is called Romney_Obama_Focus_On_Key_States_on_Final_Lap.doc, and it is embedded within the executable file.

Criminals have been using this “sleight-of-hand” trick on their malware for a long time. They do this to make users believe that what downloaded is just a harmless document file, not knowing that the malware already made several modifications on their system before they even start to read the article.

Of course, this trick only works if the “Hide file extension” advanced view setting is ticked.

We’ve also seen a lot of legitimate web sites pages out there that use tags like “election” and “obama” that serve malicious codes (iframe tags leading to .ru websites and obfuscated JavaScript). Please be wary when you visit election-related sites.

click to enlarge

Finally, avid YouTube viewers should be wary of what they watch and of links associated with those clips. Some use the said social media site to lead users to download and install a movie player cum download manager (We’ve written about some of those “players” here and here).

click to enlarge

What you’ll see in the actual video is a clip taken from a segment of a television news channel where in a best-selling author talks about his documentary called 2016: Obama’s America, not the teaser clip of the movie that is normally put out when they entice viewers to watch the full version for free. Below the clip is a shortened URL linking to the download page of the said movie player.

You must know that in order to watch the clip offered by the software, additional video software have to be downloaded, which you may or may not need.

Let us be mindful that for the next couple of days. I doubt that election-related threats and scams will end after the big announcement.

Jovi Umawing (Thanks to Chris for additional finds)

Leave a reply


Categories

SATURDAY, SEPTEMBER 23, 2017

Featured

Archives

Latest Comments

Social Networks