What we have below are just some of what we found surrounding the elections.
First off is a file that goes by the name election card1.exe, and it looks like this:
This is actually a Trojan that VIPRE detects as Trojan.Win32.Rotinom.b (v). Once users double-click this file, it then modifies the affected system’s registry to enable its execution every system startup and hide file extensions among others.
This file could be as a result of scammers hoping to capitalise on voters in cities who can’t physically go to polling stations to vote due to Hurricane Sandy but will resort to voting using email and/or fax. The nature of this threat cannot be more timely.
We’ve also seen something called Romney_Obama_Focus_On_Key_States_on_Final_Lap.zip. When you take a look what’s inside the compressed file, here is what you’ll see:
Another executable file that uses an icon of a different file, this time posing as a Microsoft Word document file. Funnily enough, when you do execute the file, it indeed calls on both MS Word and WordPad (just in case you don’t have the other) and then shows you a .DOC article about Mitt Romney and President Barrack Obama:
The document is called Romney_Obama_Focus_On_Key_States_on_Final_Lap.doc, and it is embedded within the executable file.
Criminals have been using this “sleight-of-hand” trick on their malware for a long time. They do this to make users believe that what downloaded is just a harmless document file, not knowing that the malware already made several modifications on their system before they even start to read the article.
Of course, this trick only works if the “Hide file extension” advanced view setting is ticked.
Finally, avid YouTube viewers should be wary of what they watch and of links associated with those clips. Some use the said social media site to lead users to download and install a movie player cum download manager (We’ve written about some of those “players” here and here).
click to enlarge
What you’ll see in the actual video is a clip taken from a segment of a television news channel where in a best-selling author talks about his documentary called 2016: Obama’s America, not the teaser clip of the movie that is normally put out when they entice viewers to watch the full version for free. Below the clip is a shortened URL linking to the download page of the said movie player.
You must know that in order to watch the clip offered by the software, additional video software have to be downloaded, which you may or may not need.
Let us be mindful that for the next couple of days. I doubt that election-related threats and scams will end after the big announcement.
Jovi Umawing (Thanks to Chris for additional finds)
Leave a reply