Obama Spammers Now Using BofA Phishing Attack

Remember the hacker group that was using the Barack Obama acceptance speech as a ruse to trick people into downloading malware?  Jose Nazario of Arbor says they are back and this time, they are using a similar attack, tricking people into downloading software to view a demo video of how to deposit checks into your account from your home computer.

From ArborNetworks here:

The Obama spam and malcode gang is back at it with a new fast flux phishing and malcode ruse. This time it’s a demo from the Bank of America that requires the classic “Flash Upgrade”.

At the peak I was seeing 400 unique URLs for this run an hour. The URLs were unique strings, possibly for tracking purposes or possibly to stress URL blacklists. But, when you look more closely you see they are just a handful of domain names.

It looks like blocking directclieck.com would do best to block this attack, but remember, you have to block it by name, not by IP since it fast fluxes.  The best way would be to block it using content filters or a proxy if you have one.