Cybercriminals use non-existent ‘Clinton, IS money swap’ video to spread virus

Hindustan Times ^ | Aug 18, 2016 | IANS

[rarestia]

Cybercriminals are using a non-existent video that claims to show Democratic Party presidential nominee Hillary Clinton exchanging money with an Islamic State (IS) leader to distribute malicious spam emails.

The email’s subject announces “Clinton Deal IS Leader caught on Video”.

There is no video in the email which contains Adwind cross-platform remote access Trojan, global cyber security leader Symantec alerted on Thursday.

The email also discusses voting and asks recipients to “decide on who to vote [for]” after watching the non-existent clip.

The spam email signs off with the name of an unknown group called “Lets Save America” and a #letssaveUSA hashtag.

If the attached malware to the email gets executed, the recipient is infected with a Java remote access Trojan (RAT) that Symantec detects as Backdoor.Adwind.

It also drops a Visual Basic Script (VBS) file that allows the malware to determine which antivirus and firewall software is running on the compromised computer.

The Adwind RAT is multi-functional and cross-platform, making it possible to infect Windows, Mac, Linux and Android operating systems.

[rarestia]

Big FYI PING to the tech ping lists! This could impact some of you, since I know you’d LOVE to see something like this. Be aware!

[null and void]

FYI

[Mr. K]

I actually saw that one on facebook yesterday- just make sure you have Avast anti-virus and MalwareBytes installed

[Red Badger]

Ping!..................

[SgtHooper]

Linux!!? No way. We are repeatedly told that Linux is clean.

[rdl6989]

Thanks for the ping

[rarestia]

Java/Javascript are platform agnostic. MOST new security vulnerabilities are written to target multiple platforms through languages used across platforms such as Java.

[Nifster]

Thanks....I try and avoid most videos

[WENDLE]

Thanks

[dayglored]

Heads up to curious FReepers ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to rarestia for the ping!!

[SMARTY]

Clintons... he gift that keeps on giving!!

[Dalberg-Acton]

Does Linux execute VB script?

[Tolerance Sucks Rocks]

PING!

[Swordmaker]

An email’s subject announces “Clinton Deal IS Leader caught on Video”. However, the email is non-existent and the payload is a cross-platform Trojan called Backdoor.Adwind, which is also using a Visual Basic script to determine what anti-virus the system is using to disable it. It is supposedly capable, according to Symantec, its discoverer, of installing the appropriate version of the malware for the platform it is opened on. However, on a Mac OS X WILL recognize all currently known Trojans, including Adwind's and variations of them, and warn the users who attempt to do so, regardless of the source. Visual Basic runs only on a Windows computer, not on a Mac and since OSX's anti-malware protection is system level, it could not be easily bypassed in any case. Not much to see here for Mac users, unless you are also using a Virtual Machine on your Mac running Windows.

What IS interesting is this is Politically targeted toward Conservative, anti-Hillary computer users. — PING!

Cross Platform Security
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

[Swordmaker]

Java/Javascript are platform agnostic. MOST new security vulnerabilities are written to target multiple platforms through languages used across platforms such as Java.

Java and Javascript are two different things. Apple OS X does not come with Java pre-installed. A users has to download and install Java from Oracle if he or she (or it, these days) requires Java for some specific application. Other wise any Java application would not run. The more limited Javascript is an option that can be turned off in Safari by turning off a radio button in Safari Preferences. Javascript would only run inside the sandboxed Safari App and would not have access to any data from other apps.

[rockrr]

What IS interesting is this is Politically targeted toward Conservative, anti-Hillary computer users.

I don't think that it is that unusual. There are a lot of conservatives in the IT trade but the mindset of the sort of person who puts together this sort of malicious malware doesn't gibe with the sort of person who holds conservative views.

I does fit leftists however and targeting us isn't surprising at all. They feeeeeeeeeeeeeeel that we are as stupid as we know they are.

[Bikkuri]

I am sure, if it is not from out of country, it is coming from her backers, just to screw things up for us.... ;p

[Bikkuri]

+1

[Bikkuri]

I’ve always warned friends about JAVA.. and hate it with a passion...