IT security and control firm Sophos is warning computer users to be on their guard against unsolicited emails following a widespread spam campaign that claims to contain a link to a sex video of Barack Obama.
Sophos staff note that cybercriminals are never slow to jump on an opportunity to spread their malware and this is no exception. However, users that click on the link will not see the video they expected, but will download a Trojan horse known as Mal/Hupig-D onto their computers – giving the hackers access to confidential information which can be used to commit identity theft.
Samples intercepted by Sophos reveal that the emails claim to come from [email protected], and have the subject line ‘Obama sex video!!!’. The email reads as follows:
‘Sensation!!! United States Senator for Illinois Barack Obama in 2007 was travel to Ukraine and have sex action with many ukrainian girls! You may view this private porno in a flash video. Download and view now. Please send this news to your friends!
Obama it’s not right choice!!!’
"The US presidential fight is certainly heating up, and this malware is probably the first in a string of attacks designed to pique the victims’ interest and trick them into clicking on the URL," said Graham Cluley, senior technology consultant at Sophos. "This is one of the oldest tricks in the book, but it’s obviously still working or the cybercriminals wouldn’t use it anymore. All computer users need to exercise caution when checking their emails and not get carried away with what seems to be a scandalous story – if you receive an unsolicited email like this, chances are it’s malware in disguise."
Sophos staff note that normally in these types of malware attacks, the Trojan horse is simply installed rather than the promised video being shown. In this case, however, users who click on the link in the emails download an executable file which does display a pornographic video (albeit one not starring Barack Obama) as it installs malicious code in the background.
"What appears to be an amateur porn movie is displayed on the computer screen while the malware is doing its dirty work and infecting your Windows PC with spyware," explained Cluley. "If this movie is homemade, then it’s an astonishingly tasteless way to get back at your ex-partner. A video like this wouldn’t survive for more than a few minutes on YouTube, but when used in a malware attack could potentially be seen by thousands or millions worldwide."
For more information, including pictures of the dangerous email and the video that is played, please visit: http://www.sophos.com/blogs/gc/g/2008/09/10/barack-obama-sex-video
Graham Cluley’s blog at –
