Political issues are finding their way to the Web in some ugly ways, and not just in postings on The Daily Kos and Free Republic, either. One Presidential candidate is being embarrassed by spammers, the rest are being hijacked by spoofers looking to infect computers, and it would seem al Qaeda has a software development team.
Republican Presidential candidate Congressman Ron Paul (R-TX) has probably the most energetic supporters online, much to the irritation of news sites and talk radio hosts. The conservative site RedState recently banned Paul supporters from “shilling” on the site.
Far worse and more embarrassing for Paul, a representative from southern Texas who ran for president in 1988 as the Libertarian Party nominee, is a recent burst of spam flooding inboxes with subject lines like “Ron Paul Wins GOP Debate!” and “Ron Paul Eliminates the IRS!” or “Vote Ron Paul 2008!”
Would a presidential candidate, even one stuck in the single digits in opinion polls, actually resort to using a botnet
Fox News seems to think it’s being done by Paul supporters, but Benton figures it’s “just trolls trying to discredit our campaign and make us look bad.” He added, “I think this is so clearly not connected to our campaign, and anyone who wants to take an intelligent look at this will see it for what it is, and we’re not losing any sleep over it.”
Fake Presidential Sites
More serious is a warning from Webroot Software, maker of the popular Spy Sweeper anti-spyware software, of spoofed presidential candidate Web sites. It’s been a common scam to set up domains with minor misspellings of popular sites, like “goggle.com” or “amazn.com,” and then redirect people to porn sites and the like.
But in this case, Webroot found the links to sites pretending to be official home pages of presidential candidates were leading to sites with malicious software downloads. Webroot found the sites had links for donations, screensavers or videos. Once clicked, the links can then download a variety of spyware and Trojans.
“We initially saw these types of spoofs surrounding the Barack Obama and Ron Paul Web sites,” said Mike Irwin, COO of Webroot, in a statement. “But we are finding that the spoofs intensify at the end of the month and will expect to see them intensifying as the candidate sites begin to see more traffic during the later phases of the campaign or during major fund-raising drives.”
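A defender can screen domains seen in links or proxy logs for the kind of minor misspellings described above. The following is an added example, not code from Webroot or the original article; the watchlist, the function names and the distance threshold of 2 are assumptions, and in practice the watchlist would hold the official domains being protected.

```python
# Added example: flag domains that are near-misspellings of protected domains.
# WATCHLIST is constructed from the article's own misspelling examples.
WATCHLIST = ["google.com", "amazon.com"]

def osa_distance(a, b):
    """Edit distance where an insert, delete, substitute or swap of two
    adjacent characters each costs 1 (optimal string alignment)."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # delete
                          d[i][j - 1] + 1,         # insert
                          d[i - 1][j - 1] + cost)  # substitute or match
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swap
    return d[-1][-1]

def normalize(domain):
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def find_lookalike(domain, watchlist=WATCHLIST, max_distance=2):
    """Return (protected_domain, distance) for the closest watchlist entry
    within max_distance, or None for an exact match or an unrelated name."""
    cand = normalize(domain)
    if cand in watchlist:
        return None  # the genuine site, not a spoof
    best = None
    for legit in watchlist:
        dist = osa_distance(cand, legit)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (legit, dist)
    return best

if __name__ == "__main__":
    # Constructed sample input: two misspellings from the article plus controls.
    for seen in ["goggle.com", "amazn.com", "www.Google.com.", "example.org"]:
        print(seen, "->", find_lookalike(seen))
```

Because the whole name is compared, a spoof that keeps the spelling but changes the top-level domain falls outside the threshold and needs a separate check.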
Electronic Jihad 2.0
On the nastier side of things, it seems even terrorists can have a software development arm. The Israeli security site DEBKAfile recently posted an alert that al Qaeda-affiliated sites have promised a cyber attack on November 11, aimed at 15 Western, Jewish, Israeli, Muslim apostate and Shiite Web sites.
DEBKAfile said the attack is being done in retaliation over Western intelligence operatives crashing al Qaeda sites. What’s remarkable is there’s a “product” behind this planned attack, called Electronic Jihad 2.0. The software receives a list of targets two hours before a planned launch and then unleashes a distributed denial-of-service (DDoS) attack.
Paul Henry, vice president of technology evangelism for Secure Computing, has a copy of Electronic Jihad in the Secure Computing labs and describes it as “script kiddie-level software,” but adds that “it is workable.” Unleashing a denial of service attack always exposes the attacker to being traced back, but in this case, Henry said it could all be for naught.
“If it’s an Internet café or wireless network or compromised computer, it doesn’t do you much good to trace it back, and you’ve got to look at the cybercrime legislation in the originating country. If they don’t have strict cybercrime laws, then good luck prosecuting anyone,” he told InternetNews.com.
There isn’t much that can be done in advance, since the targets are unknown, except to examine one’s security policy and be ready with an out-of-band pipe to send the blacklist to one’s Internet access provider. Even if a company rejects the attacks at its gateway, it can be enough to overwhelm the servers and shut down the Web site, said Henry.
With an out-of-band methodology, it’s possible to send a blacklist of attackers upstream to a service provider. That way, the attacks never get down to the site’s servers. They are stopped at the ISP level.