SOURCE: Websense, Inc.

November 05, 2008 14:40 ET

REPORT: Cybercriminals Exploit Barack Obama Victory

Websense First to Discover Malicious Email Campaign With Multiple Variations; Websense Web Security and Email Security Customers Are Protected

SAN DIEGO, CA--(Marketwire - November 5, 2008) - Websense, Inc. (NASDAQ: WBSN), a global leader in Web, data and email security solutions, reported today that the Websense® Security Labs™ ThreatSeeker™ Network has discovered cybercriminals seeking to capitalize on the results of the 2008 US presidential election with a mass malicious email campaign.

Attackers are sending several variations of malicious email lures throughout the world directing recipients to click on links to view videos showing an interview with the advisors to the U.S. President-elect Barack Obama or view a portion of his acceptance speech. Clicking on the links directs users to malicious Web sites that infect them with information-stealing malware. In some variations of the email attack cybercriminals are using well-known publishing names such as Time Magazine and La República (Peru) in the email subject line to encourage users to click on the links. Websense Web security and email security customers are protected from these attacks.

"The U.S. election has been closely watched by people worldwide making it an ideal topic to use as a lure by cybercriminals seeking to steal information from unsuspecting victims," said Dan Hubbard, chief technology officer at Websense. "We are seeing many variations of this attack and the numbers of emails are growing by the thousands by the hour."

Some of the email attacks contain links to a file called 'BarackObama.exe' which is hosted on a compromised travel site. The file is an information-stealing Trojan Horse downloader. Upon execution, files called "system.exe" and "firewall.exe" are dropped into the victims' system directory and a phishing kit is unpacked locally, dropping files bound to startup. The 'hosts' file is also modified.

In another variation, victims that click on the link go to a purposely registered domain which advises them to install the latest version of Adobe Flash player before the video can be viewed. The malicious Web site actually links to a file called 'adobe_flash.exe' which is really a Trojan Horse packed with ASPack. Upon execution, a rootkit is installed on the compromised machine, and the victim's data is sent to multiple command and control servers.

All Websense solutions are powered by the Websense ThreatSeeker™ Network which continuously monitors the Internet for changes and emerging threats like the current attack. The resulting intelligence is immediately incorporated into the company's Web, data and email security solutions. As a result, Websense solutions adapt to the rapidly changing Internet threat environment at speeds not possible by traditional security solutions.

Organizations interested in free evaluations of Websense solutions should visit:

About Websense, Inc.

Websense, Inc. (NASDAQ: WBSN), a global leader in integrated Web, data and email security solutions, provides Essential Information Protection™ for more than 43 million employees at more than 50,000 organizations worldwide. Distributed through its global network of channel partners, Websense software and hosted security solutions help organizations block malicious code, prevent the loss of confidential information and enforce Internet use and security policies. For more information, visit

Websense and Websense Enterprise are registered trademarks of Websense, Inc. in the United States and certain international markets. Websense has numerous other unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners.

Contact Information