Shortly after the results of the US presidential elections became known, cyber-crooks began using the topic to distribute malware in spam messages.
One of these malicious emails appears to come from an online newspaper in Peru. It is written in Spanish, talks about the results of the US elections and invites users to view a video addressed to the Latin community.
The video is actually the file "BarackObama.exe", which is detected as Banker.LLN. This malicious code modifies the HOSTS file of the infected computer, redirecting HTTP connections to some websites belonging to one of the biggest banking entities in Peru to the local IP address 127.0.0.1, where a fake page of the bank is displayed in order to obtain the user's access data.
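A defensive check for the HOSTS tampering described above, as an added example that is not code from the original post: it parses hosts-file text and reports every entry that overrides a watched banking domain or one of its subdomains. The domain `bank.example` and the sample file contents are constructed placeholders.

```python
import ipaddress

# Hypothetical watch list: domains that should never be overridden locally.
WATCHED = {"bank.example"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address: not a mapping
        for name in fields[1:]:                   # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED):
    """Return findings for watched domains (or subdomains) overridden in hosts."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            findings.append({"line": line_no, "host": name, "ip": str(ip),
                             "loopback": ip.is_loopback})
    return findings


# Constructed sample, not taken from an infected machine.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.bank.example  Login.Bank.Example.   # injected entry
127.0.0.1       ads.tracker.example
# 127.0.0.1     bank.example
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE):
        print("line {line}: {host} -> {ip} (loopback={loopback})".format(**f))
```

On Windows the file to feed into `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`. Any hit for a banking domain deserves investigation, whether or not the address is a loopback one.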
Another example of this kind of spam announces that Barack has become the 44th US president and the first Afro-American president. The email contains a link to a fake website that appears to be on the America.gov domain. Besides the news item, the page offers a video, but an Adobe Flash update (adobe_flash9.exe) is supposedly required to view it. However, this file is not an update but the malicious code.
This malware consists of Trj/Spyforms.BQ and a rootkit, detected as Rootkit/Spyforms.BR, which is used to hide the worm component. It is designed to capture network traffic and harvest information related to FTP, ICQ, POP3 and IMAP connections, etc.
We recommend being cautious when following the links included in this type of email because, besides being unwanted, these emails can compromise your privacy.