Debunking email hoaxes and exposing Internet scams since 2003!

Obama Acceptance Speech Trojan Horse Warning

Summary:
Message warns recipients not to open an email with the subject "Obama Acceptance Speech" because it carries a password-stealing Trojan horse (Full commentary below).



Status:
Real Trojan horse, but warning is exaggerated, misleading and outdated

Example: (Submitted, January 2009)
Subject: FW: Very, Very, Urgent, please read and pass on

Confirmed with Symantec

THERE IS AN EMAIL WITH SUBJECT LINE OBAMA ACCEPTANCE SPEECH FLOATING AROUND WITH A Trojan HORSE ATTACHMENT.

DO NOT OPEN FOR ANY REASON!!! DELETE IMMEDIATELY. THE Trojan STEALS ALL PASSWORDS AND USER IDS!!!

SPREAD THE WORD TO EVERYONE ON YOUR EMAIL LIST.

THANKS.





Commentary:
This "very, very urgent" message warns Internet users not to open an email with the subject line "Obama Acceptance Speech" because it arrives with an attachment which carries a Trojan horse that can steal passwords from the infected computer.

The core information in the warning message is true. Back in November 2008, malicious emails with subject lines concerning Obama's acceptance speech were indeed hitting inboxes and, as a result, many computers became infected with a Trojan horse that could steal confidential information, including passwords. However, although the warning message is derived from a description of this genuine security threat, it has now become exaggerated, misleading and somewhat outdated.

According to the message, the Trojan horse arrives as an attachment to the "Obama Acceptance Speech" email. However, this is incorrect. In fact, the emails contained links to a malicious website that hosted the Trojan horse. The emails tried to trick users into clicking these links, ostensibly to access a video of Obama's speech. A November 15 Washington Post article about the threat notes:

"Cyber criminals are blasting out massive amounts of spam touting a video of President-elect Barack Obama's victory speech. Recipients who click the included link are taken to a site that prompts visitors to install an Adobe Flash Player update. The bogus update, however, is actually a data-stealing Trojan horse."

Moreover, "Obama Acceptance Speech" was just one of many subject lines used in these malware emails, and it is the only one the warning message mentions. Thus, the message is potentially misleading: it warns users to watch for an email attachment when this is not how the Trojan is installed, and it focuses on only one of the many subject lines used.

The warning also tends to exaggerate the relative importance of this particular malware threat by claiming that it is "very, very urgent" that users read and pass on the message. In reality, the threat described is no more important or dangerous than many other malware threats. Since this threat was launched in November 2008, there have been a number of other significant attacks of equal or greater importance, including the Downadup or Conficker worm. And, so long as they are fully updated, all good anti-virus programs should now be able to detect and deal with the "Obama Acceptance Speech" malware. So, forwarding an "urgent" warning email about just one particular malware attack among the many that continually threaten our computer security seems rather pointless, especially when the attack described took place several months ago.

A real problem with emailed virus warnings is that they tend to mutate over time and often circulate for months or even years after the threat described has long since ceased to be of any significance.

It should be noted that a second wave of presidential malware emails was distributed in January 2009 to capitalize on Barack Obama's inauguration. However, this later threat is not related to the "Obama Acceptance Speech" warning discussed here. In fact, the Internet criminals who launch these malware attacks continually use significant events such as elections, natural disasters and terrorist attacks as lures to entice victims into installing malicious, information-stealing software. Internet users should be very cautious of any unsolicited "news" emails that promise more information or videos about important events via included links or email attachments.





References:
US Presidential Malware
Blizzard of US Presidential malware
Sleeper Virus - Downadup or Conficker Worm Warnings Are Valid
Should Virus Warning Emails be Forwarded?
Breaking news about Barack Obama

Last updated: 30th January 2009
First published: 30th January 2009

Write-up by Brett M. Christensen