RealTime IT News

Get Ready for Inauguration Spam

Obama inauguration spam
Photo credit: Reuters
As the nation prepares for tomorrow's historic inauguration of President-elect Barack Obama, antivirus vendors are gearing up for a flood of spam and malware-laden Web sites that aim to capitalize on the event.

Malware authors have long been eager to leverage interest in current events, most recently the fighting in Gaza. Last fall, it was the Olympics. Now, security experts say they're found a new target.

"We'll see a notable amount of spam coming through connected to the inauguration," Lysa Myers, director of research at antivirus vendor West Coast Labs, told InternetNews.com. "There will be a lot of things like sites hosting what's supposed to be a video of the inauguration, and they'll try to get visitors to download some sort of malware in order to view videos."

The attacks are already on their way. One effort combines a fake Web site and misleading links that lead to sites containing malware. The site, superobamadirect.com, is designed almost identically to Obama's own site and contains links purporting to lead to news stories. Instead, they direct visitors to malware.

It's a common style of attack for malware distributors. Attackers routinely seed blogs and blog comments with links that claim to lead to news or videos about major world news or celebrities, seeking to parlay their topic into clicks and higher search engine positioning. That's in addition to the age-old methods of sending those links in e-mail spam. In either case, instead of going to news, the links send clickers to Web sites hosting malware.

Using a similar approach, hackers hit professional networking site LinkedIn, recently putting up a fake profile with links claiming to take visitors to nude videos of a celebrity. Clicking on the links instead redirected visitors to a site containing malware.

They also hit Google (NASDAQ: GOOG) Blogspot, putting up celebrity-related blogs with links that take visitors to sites offering malware posing as antivirus software -- a category of malware known as scareware.

The war has begun

Stephan Chenette, manager of security research at Web security products vendor Websense, told InternetNews.com that he's seeing evidence that malware authors are ramping up other inauguration-related attacks, like sending messages that contain links to scareware-hosting Web sites. Their attacks also include spamming blogs and blog comments with links, which Chenette calls "Webspam."

Chenette predicted that Obama's supporters will be especially exposed to the threat because of their heavy online activity.

"Barack Obama's fan base are extreme users of the Web," he said. "They're used to blogging, reading blogs and comments, and clicking on links."

Obama has already proven great fodder for spammers. Just one day after his Election Day victory, they began sending out e-mails in English and Spanish with links purporting to show a video interview with his advisors. Those links instead led to compromised sites.

Despite the fact that most Internet users have long been hearing warnings about not clicking on links from unknown senders, such methods continue to proliferate, experts said.

Meanwhile, Chenette said the Webspam attacks work through search engine "poisoning" -- by hitting blogs and sites with links on a popular subject, an attacker improves his links' search engine rankings. These sites then appear more prominently in future searches, further broadening their reach.

[cob:Special_Report]"It's sad but true that those fake links will get people to click on them, even though everyone should know better," Dave Marcus, security research and communications director of antivirus vendor McAfee (NYSE: MFE), told InternetNews.com. "The same kind of tactics yield results for the bad guys time and time again."

Marcus warned people to beware of e-mails with subject lines related to the inauguration, and to be careful to go only to the Web sites of legitimate news organizations -- and even then, only doing so directly.

"Don't click on a link to CNN.com," he said. "Go to the Web and key in the URL by hand. That will take a grand total of a few seconds."

Like other vendors, McAfee is gearing up for a flood of spam next week. "We're going to be watching the whole malware landscape very closely, looking at feeds and so on, to catch as much that's inauguration-based as possible and get the word out as quickly as possible," Marcus said.

"It's a historic event, so there's going to be a corresponding amount of malware to prepare for."