Following American electoral politics means taking everything you read about the candidates with a grain of salt, and nowhere is that more evident than in poorly written chain emails.
A recent scam promises juicy video footage of Democratic presidential nominee Hillary Clinton taking money from terrorist group ISIS, but the attachment delivers malware instead of the promised incriminating video. This one is easy to avoid and easy to address, but if you fall for it, the shame might be hard to endure.
Mountain View, California-based security firm Symantec posted about the embarrassing scam on its Security Response blog. Users receive an e-mail entitled "Clinton Deal ISIS Leader caught on Video," inconsistent capitalization and all. The message claims that Clinton engaged in shady dealings with ISIS in 2013, and a video of the dirty deal is purportedly attached.
"After watching the video clip you can then decide on who to vote," the email states. "Sentiment is not enough to choose who to vote. Lets save America Group."
Even leaving aside the atrocious grammar and phrasing, a moderate knowledge of current events would be enough to look askance at this e-mail. The roots of ISIS can be traced to Jordan in 1999, but the ISIS (or ISIL) designation barely existed in 2013, and did not start evolving toward its current form until 2014. Clinton, a private citizen since early 2013, could not have met with an ISIS leader while the leadership of the group was still fractured.
Furthermore, even with modern compression technologies, a video is generally too big to attach to an email message. Here, it comes as a ZIP file rather than a video file, which is even more suspicious. Savvy users know that ZIP files can contain anything, and often contain harmful files, especially from unsolicited senders.
Indeed, the ZIP file here contains a Java remote access Trojan known as Backdoor.Adwind. The bad news is that this malware, by itself, can snoop out your antivirus and firewall settings to learn how to counteract them. The good news is that its remote server, through which it could download additional malware, appears to be offline. In theory, though, this program could affect Windows, Mac, Linux and Android devices.
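For anyone filtering mail rather than just reading it, the mismatch described above (a message promising a video whose attachment is a ZIP holding runnable code) can be checked mechanically. The Python sketch below is an added example, not code from Symantec or from the campaign; the file names `video.zip` and `video_clip.jar`, the addresses, and the assumption that the Java Trojan arrives as a `.jar` member are constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

# Extensions that run code when opened; .jar is the assumed carrier for a Java RAT.
RISKY_EXTS = {".jar", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk"}

def risky_members(zip_bytes):
    """Return names of archive members whose extension is executable."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # treat a broken archive as suspicious
    return [n for n in names if any(n.lower().endswith(e) for e in RISKY_EXTS)]

def triage(raw_eml):
    """Map each ZIP attachment's filename to the risky members found inside it."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check the magic bytes too, so a renamed archive is still inspected.
        if name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            hits = risky_members(data)
            if hits:
                findings[name] = hits
    return findings

def build_sample():
    """Constructed sample: subject line from the article, harmless placeholder payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("video_clip.jar", b"placeholder bytes, not a real Java archive")
    msg = EmailMessage()
    msg["Subject"] = "Clinton Deal ISIS Leader caught on Video"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("After watching the video clip you can then decide on who to vote.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="video.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

The check reads only the archive's file listing and never extracts or runs a member, so it is safe to apply to untrusted attachments.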
Unsurprisingly, Symantec found that 85 percent of this malware campaign's targets were from the United States, since a U.S. election scam would be of limited interest elsewhere. Other countries affected include the U.K., Canada and Mexico. It's not clear how many users in any country actually attempted to download the file, if any.
The Adwind RAT is fairly run-of-the-mill malware, and not very dangerous in its current form. A good antivirus sweep will get rid of it, but it won’t address the underlying credulity necessary to click on an attachment like that in the first place. Just bear in mind that if a presidential candidate really did commit treason, it'd probably be plastered on major news networks, not distributed in poorly written emails.