“Obama Quits” Spam Harvests PCs for Zombie Botnet

   1/19/2009 |  1/19/2009 |  Leave a comment
Categories: Spam, Virus & AntiVirus
The Internet Patrol default featured image
Share the knowledge

The Waledec botnet is using spam that claims that “Obama Quits”, explaining that “Barack Obama abandoned sinking ship” and that Obama doesn’t want any more to be president, in order to lure unsuspecting users to add their PCs to its group of zombied computers that it uses to do its dirty work. Other subject lines include “Who Will Be Our President Now?”, “End time for the USA”, and “Haven’t you heard latest news about our president-elect?”

The spam explains that “Barack Obama’s inauguration that was planned on 20th January 2009 is under the threat of failure,” and goes on to say that “On the Eve of Inauguration Day President-elect Barack Obama made statement. He declared that he is definitely NOT ready for this position. Analysts say that Barack Obama has refused to be next president because he recognized inconsistency of his plan of stimulating USA economy.” (Note the broken and poor English.)

The “Obama Quits” spam takes the user to a plausible-looking website which talks all about how Obama has decided to reject the highest office in the United States, and links to a file that is supposedly his speech on the subject. The file bears names such as ‘barakspeech.exe’, ‘obamaspeech.exe’, ‘statement.exe’, ‘obamanews.exe’, ‘president.exe’, ‘barack.exe’, and ‘usa.exe’.

A pretty safe rule is never download something with an .exe at the end, although that rule alone won’t keep your computer from being taken over.

According to Phil Hay, of security firm Marshal8e6 TRACE Labs, “The web site that these spam messages link to looks official and convincing at first glance. Closer examination reveals numerous spelling and grammatical errors on the site which could alert wary email users that this is a trick. Unfortunately we expect that many users who are lured to these sites will invariably click on the link and infect themselves.”

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Some of the domains that are implicated in the “Obama Quits” Waledec botnet sweep include superobamaonline.com, greatobamaguide.com, and superobamadirect.com.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 

More from the Internet Patrol:

Best Way to Beat Spam with Outlook 2003?
Scammers Using Email Confirmations to Send Their Spam
Don't Fall for the EZ Pass Spam
What Does the Trans-Pacific Partnership (TPP) Mean for Spam?
King of Spam Scott Richter Steps Down from Throne and Pays Microsoft $7million
Is the Internet on Life Support? Unraveling the Dead Internet Theory for the Average Joe
USAA Spoof Spam Lures USAA Members with Hacked Credentials
Robo Revenge App: Can You Really Make Money by Threatening Robocallers? All Signs Point to Yes

Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.