Sex sells. So does politics. When the two go hand in hand, it makes for perfect fodder for social engineering.
This time, researchers at Websense Security Labs detected a new spam campaign that targets the upcoming U.S. presidential election with fake news about a sex scandal involving the Democratic nominee Barack Obama and Ukrainian women.
Users are first enticed with a socially engineered message in faltering English briefly describing the affair. The message then encourages eager victims to click on a link supposedly displaying a Flash video of Obama.
"Sensation United States Senator for Illinois Barack Obama in 2007 was travel to Ukraine and have sex action with many Ukrainian girls. You may view this private porno in a flash video. Please send this news to your friends. Obama its not right choice."
Users who take the bait will be treated to a 14-second pornographic video, taken from hxxp://homemade*snip*.com/, which will silently install malicious code on their computers as they watch. The malicious code comes in the form of an information-stealing application designed to post victims' data to a compromised Finnish travel Web site.
It should go without saying that users should avoid opening unfamiliar e-mails or clicking on unknown links—especially unsolicited sensational porno sites that seem to be from Eastern Europe. Yet some will inevitably be lured. Those who fall prey to their own curiosity will likely pay a price.
It goes to show that sex will always be a lure, even if the hook is an e-mail message that appears to have been written by Borat.
You can see screen shots of the latest phishing attack capitalizing on Barack Obama here.