Video of Hillary making ISIS deal: It's not real, says security expert

22 Aug 2016

Cyber security specialist Symantec is warning internet users about a non-existent video that reportedly features United States presidential hopeful Hillary Clinton exchanging money with ISIS.

The video is clickbait, Symantec warns, and the email promoting it carries a malicious attachment containing an Adwind cross-platform remote access Trojan.

According to Satnam Narang from Symantec, cyber criminals are using clickbait, promising a video showing Hillary Clinton exchanging money with an ISIS leader, in order to distribute malicious spam emails.

The email's subject reads, “Clinton Deal ISIS Leader caught on Video”. However, there is no video contained in the email, just malware, Narang says.

Adding to the enticement, the email body also discusses voting, asking recipients to “decide on who to vote [for]” after watching the non-existent clip. The spam email signs off with the name of an unknown group called “Lets Save America” and a #letssaveUSA hashtag.

Narang says Symantec found references to this hashtag on Twitter in 2013, but it appears unrelated.

Adwind Java RAT

Attached to the email is a .zip file containing a malicious Java file. If it is executed, the recipient is infected with a Java remote access Trojan (RAT) that Symantec detects as Backdoor.Adwind.

“We also observed two Visual Basic Script (VBS) files dropped by the malware that allow it to determine which antivirus and firewall software may be running on the compromised computer,” Narang says.

“Adwind attempts to connect to windows8pc.space, a command and control (C&C) server to download and execute additional files. This server was unresponsive at the time of this publication,” he adds.

The Adwind RAT is multifunctional and cross-platform, making it possible to infect Windows, Mac OS X, Linux, and Android operating systems.

Unsurprising distribution results

“As you would expect, with 85% of recipients, the primary target for these malicious spam messages is the United States,” Narang says.

“We also observed a smaller amount delivered to the United Kingdom, Canada, and Mexico,” he says.

Narang says the United States election makes for valuable bait.

“As with most major events, the US election serves as valuable bait for malicious spam activity,” he says.

“With less than 90 days to go until Election Day, we advise everyone to keep an eye out for suspicious emails that may use either presidential candidate, Hillary Clinton or Donald Trump, as bait,” adds Narang.

“When seeking news related to the US elections only visit trusted news websites and avoid opening unsolicited emails,” he says.
