My.BarackObama.com’s Porn-and-Malware Problem

By  |  Monday, January 26, 2009 at 3:18 pm

An online community burgeoned out of Barack Obama’s use of Web 2.0 technologies during his campaign for the U.S. presidency. Supporters flocked to My.BarackObama.com to share blogs, videos and organized events. In the wake of that success, malicious hackers are leveraging the site in a socially engineered scheme to infect PCs with a trojan.

The hackers are embedding their My.BarackObama.com Web pages (content on the site is user generated) with links to Web sites that masquerade as YouTube, according to a report by Websense Security Labs ThreatSeeker Network. The fraudulent YouTube sites are filled with pornography, and prompt visitors to install a codec for video playback, which is really the trojan.

The good news is that today’s Web browsers don’t just automatically install software: end user interaction is required. While some people may be fooled into installing the trojan because the domain is legitimate, many will not simply because they did not recognize the My.BarackObama.com user’s Web page that directed them to it.

My.BarackObama.com is a community where people have reputations and interact with one another. I participated in the “blog wars” during the Democratic primary, and know whose URLs I would trust to click on. The trojan’s creators are plastering links to the malicious pages around the Web without regard for that community dynamic. My bet: Virus definitions will be updated to foil these scams, and they won’t spread far.

 
Comments are closed


Read more: , ,

Comments are closed.