The US election is barely over, and already computer criminals are using Barack Obama's name to target suckers who might be persuaded to download malicious software in exchange for the promise of a few dollars.

I just received the following email, purportedly from AOL:

Dear AOL user,

After the elections, the new president asked us to rise the level of protection of AOL accounts.

All accounts will be secure and users will receive the bonus amount of 25 dollars from AOL Custumer Service.

This bonus will be allocated directly into your account after you do what you ask for the page below.

We remind you that Barack Obama is the new president. All this for a better protection and for a new America.

To upgrade your account please click the link below:


Yeah sure. Bad grammar, spelling mistakes and Barack is not even President yet, but I wonder how many AOL subscribers will still fall for this. I read on a bank security website about phishing attacks that despite people being warned time and time again never to click on links in an email that they are not 100 percent sure about, between one and five percent of people still do.

So I suppose that as AOL has about eight million subscribers, if this email reached all of them, between 80,000 and 400,000 people in the US will today be clicking on that link in the hope of getting $25 credited to their account – but will in fact only be getting a download of malware (viruses, worms, trojan horses, key loggers, etc.)

I can't understand how many people still fall for these thinly disguised scams. I suppose I should though, because even in my office there is a very senior person, intelligent and well traveled, who said to me earlier this year: “I got this email with a link to a nude video of Paris Hilton, but when I clicked on the link there was nothing there.”

I felt like tearing my hair out. No wonder his computer crashed not long after that.

And no wonder Internet security is in such a mess these days.

Here's a link to an interesting story on an IT security professional's blog (a guy by the name of Didier Stevens) who ran an experiment to see if people would click on a Google ad that said: "Is your PC virus-free? Get it infected here!"

http://blog.didierstevens.com/2007/05/07/is-your-pc-virus-free-get-it-infected-here

And yes, over a six month period, 409 people did just that.

Dumb, dumb, dumb.

Comment