Presidential Campaign Videos Put Users at Risk for Threat Infection | Threat Research

Malware Installed on Infected Computer Opens Users Up To Identity Theft

BOULDER, CO - September 29, 2008

Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, today announced that it has detected malicious software being propagated as campaign videos for John McCain and Barack Obama. Hackers are taking advantage of unsuspecting users during the U.S. Presidential election season by utilizing the Gnutella file sharing network and seeding it with malware disguised as material relevant to the campaigns. This file sharing network is commonly accessed by clients such as LimeWire and FrostWire.

A search of the FrostWire network indicated that, of the 34 search results for "Obama Speech", 14 contained active malware, while five of the 19 results for "McCain Speech" were found to be harboring malware.

"Peer to peer networks pose some of the greatest security risks on the Internet," said Paul Piccard, director, Threat Research, Webroot. "Because P2P networks lack the security measures found in enterprise networks or trusted Websites, users of these networks may put themselves or their companies at increased risk by downloading malicious content or leaking confidential data."

The most common malware variant spreading through this method is W32/Zipwire. Users become infected with the malware after downloading a zip file with a name such as "Democratic Convention 2008 – Barack Obama Acceptance". These zip files contain executable files (such as Setup.exe). When run, these files infect the host machine with random malware, including rogue antivirus applications, which report fake security issues on the infected machine in order to entice users to buy the rogue application for disinfection. Other malware threats such as password stealers and backdoors can be downloaded as well, which may give a hacker remote access to the infected machine or allow them to gather personal data such as usernames and passwords.
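A defender-side check for the delivery pattern described above, added here as an example and not Webroot's code: it lists a downloaded zip's members without extracting them and flags Windows executables by extension or by the `MZ` header, which also catches an executable given a media extension. The function names, the extension list and the constructed sample archive are assumptions.

```python
import io
import os
import zipfile

# Assumption: extensions treated as directly runnable on Windows.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def executable_members(archive):
    """Return [(member_name, reason)] for members that look executable.

    `archive` is a path or file-like object. Nothing is written to disk;
    only the first two bytes of each member are read.
    """
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            magic = b""
            # Bit 0 of the flags marks an encrypted member: its content
            # cannot be read without a password, so judge it by name only.
            if not info.flag_bits & 0x1:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            if magic == b"MZ":  # DOS/PE executable signature
                findings.append((name, "MZ header"))
            elif ext in EXEC_EXTS:
                findings.append((name, "extension"))
    return findings


def build_sample():
    """Constructed sample: a 'speech video' zip that holds Setup.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Setup.exe", b"MZ" + b"\x00" * 62)  # inert stub bytes
        zf.writestr("readme.txt", b"Thanks for downloading")
        zf.writestr("speech.avi", b"MZ\x90\x00")  # executable header, media name
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, reason in executable_members(build_sample()):
        print(f"{member}: flagged ({reason})")
```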

According to the Webroot® Threat Research Center, this threat poses a number of different risks. For example, once infected, the computer can be accessed remotely, which allows for the potential installation of new malware. This could include system monitors that spy on the user in an attempt to gather the information needed to steal their identity, including social security numbers, bank accounts, home addresses and more.

"Webroot is focused on identifying emerging threats so that we can help consumers avoid being attacked and compromised," said Paul Lipman, Webroot’s senior vice president and general manager of Consumer Business. "However, hackers are constantly evolving their attack vectors so it is essential for PC users to have best-in-class antispyware, antivirus and firewall software installed on their computers to ensure that their personal and confidential information is safe."

Webroot recommends several steps to users to prevent this type of malware attack:

  1. Always have a current version of antispyware, antivirus and firewall products;
  2. Never download free products or purchase them from unknown Web sites and vendors, or peer to peer networks;
  3. Never click on a link while visiting a peer to peer site;
  4. Never purchase a product that is the result of an unknown alert;
  5. Make sure the computer is up-to-date by always installing new Microsoft or Apple security updates;
  6. Make it a point to check your credit through one of the three credit bureaus; and,
  7. Use a credit card that has sufficient fraud protection and never use a debit card online.


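Webroot is a provider of Smarter Cybersecurity solutions. It secures the Internet of Things (IoT) through intelligent endpoint protection and threat intelligence services. Using a cloud-based, predictive, collective threat intelligence platform, it protects computers, tablets, smartphones and all other devices from malware and other cyberattacks. Its highly regarded SecureAnywhere intelligent endpoint protection and BrightCloud threat intelligence services protect more than tens of millions of end-user, business and enterprise devices around the world. Webroot technology is adopted and trusted in the solutions of industry leaders such as Cisco, F5 Networks, HP, Microsoft, Palo Alto Networks, RSA and Aruba. Headquartered in Colorado, USA, Webroot operates in North America, Europe, Asia Pacific and Japan. For more about Smarter Cybersecurity, see the website.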