Security experts are reporting a deluge of email spam since the results of the presidential race were announced last night. The email includes a link with an America.gov logo that downloads a trojan malware to the victim’s computer.

If downloaded, the software conceals itself on your computer and monitors your system for passwords. It then sends information back to a computer located in the Ukraine.

Not only does the trojan software send information back to the attacker, it can also be used to take control of your system altogether. There haven’t been any reports of these emails being related to denial-of-service attacks or botnet activity, it’s certainly possible with enough infected hosts.

There are multiple versions of the email claiming to provide news about the election. Cloudmark, an email spam software company, has filtered out over 10 million emails suspected to contain some version of the message. The company saw the number of infected messages begin climbing after 10:24 a.m. EDT today.

The email contains a message that lures surfers to a Web page that is supposed to include a video pertaining to the new. Once the page loads, it asks you to download a corrupted file that it says is an update version of the Adobe Flash plugin often used to play online video.

This is a fairly elaborate attack that combines social engineering techniques, spam and trojan software. However, the real threat of widespread infection comes from taking advantage of the historic nature of the election as a way to deceive readers.

Many of the emails claim to come from the email address news@president.com, though the address could change. The best course of action is to ignore any emails from addresses that you don’t know and trust. This simple rule can help reduce your risk of infection by many common malware threats.

Related:

Entry was posted on Wednesday, November 5th, 2008 at 10:06 pm under Antivirus, Malware, Security.

Read more entries by Dave Jeyes.
Stumble It!