Print This Issue

One Step Ahead
November 18, 2008, Volume 55, No. 13

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Hackers and Identity Thieves Cash in On Current Events

The weeks leading up to and following major events—such as a presidential election or a Phillies World Championship—are always highlighted by a peaking of interest in news and items about the event, and the Internet is always buzzing with videos, images and news items that are “virally” distributed by e-mail, websites and other electronic sources.

Unfortunately, in some cases this “viral” aspect is literally true. Hackers, spammers and identity thieves often leverage heightened interest in the news to get people to respond to e-mails or visit websites they might not otherwise consider. A case in point, as reported by the Washington Post and other major media outlets, involves a wave of spam messages containing a link to a video of President-elect Obama’s victory speech, and the site contains a picture of Obama beneath an official looking government seal and the title “America.gov”.Visitors to the site are prompted to download an “updated” Flash player before viewing the speech. Unfortunately, the site is bogus and the plug-in is a “Trojan Horse” malware application designed to steal data from the host. Virustotal.com reports that less than half of major anti-virus software products were able to detect this exploit, leading security experts to caution that when updating software, it can be dangerous to obtain updates from sites other than the vendor’s own.

As with all other forms of spam, “phishing” and the like, of course, the best advice remains: be very careful about opening attachments, visiting unfamiliar websites and downloading “free” software.


To receive weekly OneStepAhead  tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message:  sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - November 18, 2008, Volume 55, No. 13