Threat Advisory: Use Caution When Searching & Donating Online | Threat Research

Internet Users Fooled into Downloading Malware from Spoofed Presidential Candidate Websites

BOULDER, CO - November 1, 2007

Webroot Software, Inc., a leading provider of Internet security software for the consumer, enterprise and SMB markets, today urged Internet users to use caution when searching online for information on presidential candidates. Webroot has detected links to malicious software downloads from spoofed presidential candidate websites.

"With campaigning in full swing for the 2008 presidential election, we are beginning to see an increase in spoofing right now. Internet users need to think about protection and good habits when surfing online for candidate information or donating," said Mike Irwin, COO, Webroot Software. "Because cyber criminals are targeting the most heavily trafficked websites, voters seeking candidate information have to use caution when visiting these sites. Do not download applications such as screensavers or videos unless you know they are coming from a trusted source. Voters need to realize that this type of behavior will make them more susceptible to an attack from hackers."

Most users will encounter these fraudulent websites when conducting a search using popular search engines. They will either unknowingly select a wrong URL from a list returned from a search, or have a slight misspelling of a name that will lead to one of these spoofed sites. These sites are designed to appear as legitimate candidate web pages and lure visitors to click on links, donate or download screensavers or videos. Once clicked, the links can then download a variety of spyware. One popular version is a Trojan horse known as Zlob that can then deploy unauthorized spyware to provide remote access to a computer for spamming attacks, to capture keystrokes, steal passwords or take over a users’ identity.

Webroot recommends that Internet users only download presidential candidate information from trusted, secure websites, such as the official candidate’s website. Additionally, the company suggests users run updated versions of best–of–breed antispyware and antivirus solutions and to scan their entire system at least once a week. There are a few simple things Internet users can do right away to help prevent further spyware infection:

  • Update your operating system and security patches regularly
  • Increase your browser security settings
  • Only download software from sites y1ou trust
  • Use antivirus protection and a software firewall
  • Always include a best–of–breed antispyware
  • Use privacy software to remove passwords and IDs after using them
  • Install only mainstream software and read the End User License Agreement (EULA)

"We initially saw these types of spoofs surrounding the Barack Obama and Ron Paul websites," added Irwin. "But we are finding that the spoofs intensify at the end of the month and will expect to see them intensifying as the candidate sites begin to see more traffic during the later phases of the campaign or during major fund–raising drives."

For a complete list of the official campaign Website, please see below.
The Official 2008 Presidential Candidate Websites

Joe Biden:
Sam Brownback:
Hillary Rodham Clinton: Rudy Giuliani:
Chris Dodd:
Mike Huckabee:
John Edwards:
Duncan Hunter:
Mike Gravel:
John McCain:
Dennis Kucinich: Ron Paul:
Barack Obama:
Mitt Romney:
Bill Richardson: Fred Thompson:


ウェブルートは Smarter Cybersecurityのソリューションプロバイダです。インテリジェントなエンドポイント保護および脅威インテリジェンス・サービスによって「モノのインターネット」(IoT=Internet of Things)のセキュリティを実現。クラウドベースで予測型の総合脅威インテリジェンス・プラットフォームを活用することによって、コンピュータ、タブレット、スマートフォン、そしてあらゆるデバイスをマルウェアや他のサイバー攻撃から保護しています。高い評価を受けているSecureAnywhereインテリジェント・エンドポイント保護とBrightCloud脅威インテリジェンス・サービスは、世界中で数千万台以上のエンドユーザ、企業、エンタープライズ機器を守っています。ウェブルートのテクノロジーは、業界トップリーダーであるCisco、F5 Networks、HP、Microsoft、Palo Alto Networks、RSA、Arubaなどのソリューションに採用され、高い信頼を得ています。本社を米国コロラド州に置き、北米、欧州、アジア環太平洋、日本でビジネス展開しています。Smarter Cybersecurityの詳細はウェブサイト をご参照ください。