Scammers have seized on the presidential election to launch a major malware campaign that tries to trick users into installing an update to Adobe's Flash, but actually plants a Trojan, security experts have warned.
The malware blitz stems from spam messages touting Barack Obama's victory, and offers up a link to what is supposedly a site sporting election results. When users click on the link, however, they're shunted to a fake site that demands the user install an update to Adobe's Flash Player before viewing a video.
Rather than a Flash update, what's downloaded is a Trojan horse that compromises the PC then floods the machine with more malware, said Dan Hubbard, vice president of security research at Websense.
"This is very coordinated," said Hubbard of the Obama-themed attacks, "with evidence that they planned this, then waited for the election results."
According to Hubbard, the hackers registered 15 to 20 domains on Tuesday to host the malware and fake site. All the domains are on so-called "fast flux" servers, Hubbard added, referring to the practice in which criminals rapidly switch domains between multiple IP addresses.
Identity thieves often use the fast-flux tactic as a way to stay ahead of the law, and prevent their servers from being shut down.
Hubbard called the attacks "the largest malicious email campaign going," adding that Websense had tracked 100,000 individual copies of the scam message so far.
Meanwhile, rival researcher Graham Cluley of Sophos said his company put the volume at 60 percent of all the malicious spam on the Internet. "This is taking advantage of 'Obama mania'," said Cluley, a senior technology consultant with the UK-based security firm. "He's easily the most famous person on the planet, and the fascination with him isn't just in the US. It's global."
"This is just the latest evolution of the campaigns we've seen in the past," said Cluley. "Obama is the hottest celebrity, isn't he?"
Hubbard and Cluley also agreed on one more thing: This is just the beginning of Obama attacks. "You would expect another wave, or a copy-cat of this, maybe with another fake news story," said Hubbard.
"This is far from the last piece of malware we'll see abusing Obama," Cluley echoed. "Users need to remember not to click on links."