Trojan lurks to infect the prurient
by Iain Thomson in San Francisco
10 Sep 2008
Web monitoring firms are warning IT administrators to update their spam filters after a massive new spamming campaign was detected.
Inboxes are filling up with spam claiming to have a link to a web site that carries video footage of a sexual indiscretion committed by presidential candidate Barack Obama. It alleges to show footage of him having sex with Ukrainians after a visit to the country last year.
"Users who click the link are shown a pornographic video," said Websense. "While the video plays for 14 seconds, malicious applications are installed on the victim's machine."
The malware consists of a Trojan that allows remote control of the user's machine using an application called 809.exe in the user's Temporary Internet Files folder. It also installs a Browser Helper Object which steals keystrokes and forwards them to a server controlled by the malware distributors.