Trojan lurks to infect the prurient

by Iain Thomson in San Francisco

10 Sep 2008

Web monitoring firms are warning IT administrators to update their spam filters after a massive new spamming campaign was detected.

Inboxes are filling up with spam claiming to have a link to a web site that carries video footage of a sexual indiscretion committed by presidential candidate Barack Obama. It alleges to show footage of him having sex with Ukrainians after a visit to the country last year.

"Users who click the link are shown a pornographic video," said Websense. "While the video plays for 14 seconds, malicious applications are installed on the victim's machine."

The malware consists of a Trojan that allows remote control of the user's machine using an application called 809.exe in the user's Temporary Internet Files folder. It also installs a Browser Helper Object which steals keystrokes and forwards them to a server controlled by the malware distributors.