As we all know, this election is full of firsts. But this election is also probably the first time that a presidential candidate's name is being bandied about as a lure for a piece of malware.
While there was a similar episode back in June, a new spam e-mail began floating around just this past week.
The e-mail is titled "Obama Sex Video!!!" (or sometimes "Barack Obama sex story with girl"), appears to come from email@example.com (alternatively: firstname.lastname@example.org) and includes the following scintillating text:
Sensation!!! United States Senator for Illinois Barack Obama in 2007 was travel to Ukraine and have sex action with many ukrainian girls! You may view this private porno in a flash video. Download and view now. Please send this news to your friends!
Obama it's not right choice!!!
If the deluge of exclamation points and the faulty English don't throw you and you end up clicking the included link, then the fun begins.
Of course, it only works if you're on a Windows machine (on a Mac, you're completely unaffected). Then you'll be treated to an amateur porn video (obviously not starring Obama) while the Mal/Hupig-D Trojan horse virus installs surreptitiously onto your computer. This virus has been known about for some time now, and Sophos, one of the first anti-virus companies to report it, claims that it has offered protection against that strain since April 2008. Another company, WebSense, makes a similar claim of protection.
The worst part, writes Adam J. O'Donnell, a computer security researcher, is that this virus isn't very technically sophisticated, but the spammers and malware writers are definitely aware of what will grab people's attention.
The reality is that the time invested in developing a slight modification to an existing piece of malware and a new spam pitch provides far more bang for the buck in terms of newly compromised computers than developing an exploit for the vulnerabilities covered by this week's patches.
The sad truth is that software is fixable at a low cost while human weakness is not. Software security is steadily improving due to better engineering processes, developer education, patch management, and code analysis tools. User education has been nowhere near as effective, as naïveté regarding information security ever so slowly decreases.
[Hat tip: Farhad Manjoo]