Monday | 7 July, 2008
CIO

Hackers spread malware with 'Hilary Clinton' spam
Criminals 'skittish' of messing with political process -- so far.
Gregg Keizer (Computerworld) 18 February, 2008 09:28:30

Related Topics
Related Stories
  • +

    Adobe launches hosted services, adds Flash to Acrobat 03 June, 2008 09:02:44

    Adobe to launch Web site offering users free hosted services for document creation, sharing and storage
    Adobe this week is set to unveil the next version of its Adobe Acrobat software, which adds support for the company's Flash multimedia technology. The company also plans to launch a new Web site offering users free hosted services for document creation, sharing and storage.
Additional Resources
Executive Guides
Whitepapers
white paper Read up on the latest ideas and technologies from companies that sell hardware, software and services.

Newsletter Subscription

Sign up for our CIO newsletters!
Weekly coverage of the issues that impact corporate and government information
RSS Feeds

Cybercriminals may have weighed risk and reward and figured that the first isn't worth the second if they try to exploit the 2008 US presidential campaign, a security researcher at Symantec said.

At least for now.

"We've now seen just two instances of spam using political candidates to spread malicious code," said Oliver Friedrichs, director of Symantec's security response team and a writer on electoral cybercrime. "I think [hackers] are still a little skittish. The high visibility of the federal elections makes them cautious about stepping into it."

Earlier this week, researchers at both Symantec and McAfee reported a spam run that tried to trick users into downloading a Trojan horse posing as a video of Sen. Hillary Clinton supposedly shot before Tuesday's Virginia primary vote. "Hilary [sic] Clinton visited her campaign headquarters in Virginia and did satellite interviews, looking beyond Tuesday's trio of contests and touting the importance of a March 4 vote in Ohio," the bogus e-mail read. "Full video. Download it now!"

Users who clicked the embedded link, however, were faced with a file pegged "mpg.exe." That file was actually a downloader, which in turn retrieved and installed the "Srizbi" Trojan horse -- malware that turns Windows-running PCs into spam-spewing bots.

The other example of what Friedrichs has called "electoral cybercrime" was a late-October 2007 spam blast ostensibly promoting Congressman Ron Paul and his campaign for the Republican Party nomination. More than a month after that attack, which had links to the Srizbi Trojan horse like the Clinton one this week, researchers at SecureWorks linked the spam to a Ukrainian botnet.

McAfee researcher Alex Hinchliffe drew a line between this week's Clinton spam and the Russian Business Network, a notorious hacker and malware hosting network once based in Russia.

Although Friedrichs had speculated last year that the 2008 presidential campaign would see an increase in electoral attacks -- especially phishing attacks -- over the number that occurred in 2004, when there were just two reported cases, that hasn't happened yet.

Friedrichs offered a possible explanation. "The scale of an election is such that any potential disruption will clearly gather all the strength of all law enforcement," he said.

"But they haven't been afraid of phishing charities," Friedrichs said, citing the aggressive identity-theft attacks that exploited the aftereffects of Hurricane Katrina. "Maybe it's just too early. Maybe we'll see more [phishing] after the primaries are over."

A lot of money will be at stake. The campaign of Senator Barack Obama raised US$28 million online in January alone, according to news reports.

"That's a substantial amount of money. And clearly any sense of conscience or caution [on the part of hackers] might just go out the window," said Friedrichs.

Market Place
Keep up with the latest virtualization technologies. Subscribe to Computerworld's new virtualization email service today!
If Core Systems hold the unique DNA of an enterprise, what “Genome Project” do software vendors have in mind?
Rule Your SOA": SOA Governance is no side issue–but rather the key factor to overall SOA and business success
Combine all aspects of requirements, test planning, and defect management on a single quality platform.
Introducing TechWorld: The hot new site catering specifically to the men & women at the coalface of Australian IT.
 

2008 CIO Summit

19th August, 2008 Four Seasons Hotel, Sydney Developed in partnership with CIO Magazine, IDC, INTEP and the CIO Executive Council.

The world of the CIO is extremely complex and diverse. Multiple priorities demand attention and decisions are needed instantly. Individual teams need to be driven towards common goals, and businesses strive to become more mobile, agile and responsive. For CIOs, the challenge never ends.

Every year the CIO Summit identifies what is top of mind for CIOs across Australia and New Zealand, and offers insight for CIO benchmarking and vendor strategic planning alike.

Recent IDC research shows that over 59% of CIO's believe that 'to achieve their business strategies, technology should be used more aggressively than today.'

Join us on August 19th to discover how this is possible with the latest technologies including Virtualisation, Web 2.0, IP Surveillance and Software as a Service (Saas).

Click here for registration.

Click here for more information.

Please email Denyse_Robertson@idg.com.au for further information.

  • +

    CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00

    For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders.
    [ MP3 (7.32 MB) | Windows Media (5.67 MB) ]
  • +

    CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25

    For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders.
    [ MP3 (7.56 MB) | Windows Media (5.14 MB) ]
  • +

    CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00

    Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (4.90 MB) | Windows Media (4.40 MB) ]
  • +

    CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00

    Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (5.89 MB) | Windows Media (4.84 MB) ]
  • +

    CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05

    Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
    [ MP3 (6.41 MB) | Windows Media (5.13 MB) ]
  • +

    How to not have your Web site hacked like Sony's 07 July, 2008 08:23:22

    A SQL injection attack was used to plant malicious code on pages of two popular Sony Playstation games - SingStar Pop and God of War, reports security company Sophos. Hundreds of Web pages from other businesses have also been compromised.
    The US Sony Playstation Web site is the latest high-profile victim of a hacker attack on business sites that's spreading malware at breakneck pace, says a security vendor.
  • +

    AG launches review into national e-security 07 July, 2008 11:07:49

    Howard's security agenda dragged over coals.
    A review of Australia's top e-security projects lead by the Attorney-General's Department has been launched to scrutinise the Howard's government's $73 million E-Security National Agenda.
  • +

    Selling zero-day exploits has a down side 07 July, 2008 10:16:36

    There is an ongoing argument about the ethics of selling 0-day exploits on the open market: It helps if you don't sell exploits targeting the company you work for.
    Information Security can sometimes be a funny field to work in. Some days it seems as if anybody with their hands on unpublished exploit code can sell it for all they're worth, and others it seems that they are set to become the target of law enforcement and the companies the code affects. It does help if you don't work for one of the companies that is set to be affected by the exploits you are trying to sell and aren't trying to bootstrap a competing company in the process.
  • +

    'I have a lost laptop horror story for you' 30 June, 2008 10:08:14

    The devil of identity theft is in the details that follow...
    The devil of identity theft is in the details that follow: Russ Jones tells a tale of woe that isn't particularly dramatic -- or rare -- and yet it's exactly the kind of story that worries me enough to ignore my better judgment and buy identity-theft protection from my insurance provider.
  • +

    SQL attacks lobs onto pro tennis site 02 July, 2008 11:52:19

    Wimbledon perfect time for crook's criminal racket.
    Visitors to the Association of Tennis Professionals Web site have potentially been infected with spyware after apparent lax security allowed a malicious script to be injected across its pages.
CIO Webcast Innovation #8 - What are the biggest roadblocks to IT's involvement in innovation at your company?
Watch the latest latest edition of CIO Innovation which is now available for download.
Watch the webcast
Sign up to the CIO Innovation update email


CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II
Listen to the latest edition of CIO Live which is now available for download.
Listen to the podcast
Sign up to the CIO Live email
Get a job Careerone
Whitepaper
The Secrets of C-Suite Success Read Whitepaper

The Secrets of C-Suite Success

With help from the CIO Executive Council, we tap into research about successful executives. Read on to learn more about the competencies CIOs need to develop to take the corner office, where CIOs fall short — and what CEOs expect from CIOs.

Sponsored Links