<<< NEWS FROM THE LAB - Wednesday, November 5, 2008 >>> ARCHIVES | SEARCH US Presidential Malware Posted by Patrik @ 17:22 GMT Not a big surprise at all… a spam run distributing malware, referring to Obama's election as the new U.S. President, started this morning (U.S. time).



The e-mail looks like this:







The link points to a website that looks as if it contains a video, and to view it the user has to download a "new" flash player, adobe_flash9.exe (MD5 47c86509a78dc1edb42f2964bea86306).







We detect this as Trojan-PSW:W32/Papras.CL which is a trojan that hides itself using a rootkit. The trojan attempts to steal confidential information from the computer and upload it to a server in Ukraine.



Editor's Note: There is in fact a new version of Adobe Flash, version 10.0.12.36.

But you'll want to download it directly from http://get.adobe.com/flashplayer/.



Update: Sunbelt has listed additional subjects used by this spam.









