Hillary 'spear fish' more 'drag net' flung to 11,000 others in one day

Trio of failures: Targeted phish? No. APT malware? No. Russian? No.

US Presidential candidate Hillary Clinton was one of possibly hundreds of thousands to have received allegedly targeted malware sent by Russian hackers.

Last week the Associated Press and other prominent mastheads said the "Russian-linked" malware – so described because one of its three command and control servers is located in that country – had targeted Clinton in 2011.

Malcovery Security chief technologist Gary Warner, in a debriding of the inflamed reporting, points out that the same would-be Clinton spear phishing was in fact cast to more than 11,000 others, according to his spam database alone.

"The point is it wasn't 'targeted' and it wasn't 'spear-phishing,' and it isn't a 'mystery' about how it came to be sent to Mrs. Clinton," Warner says.

"This wasn't a clever Russian master mind sitting in his evil lair dreaming of taking over the State Department – one of the millions of spam bots that were part of this network asked the command and control server 'who shall I spam next?' and happened to draw Mrs. Clinton's email address.

"If Hillary Clinton was targeted, so were about 11,000 mostly entirely fictitious people whose spam goes into the UAB Spam Data Mine, as well as a few hundred people who chose to share their emails with us."

Malware map

A map of nodes spamming the 'targeted' attack (Source: Malcovery)

PhishLabs threat analyst Olivia Vining, in a single day in 2011 as then-Malcovery researcher, found some 45,377 copies of the would-be Clinton-pwning malware around the web.

Warner says the spammers find email addresses such as Clinton's using public sources, SMTP harvesting, and domain email enumeration.

The malware is based on the common BredoLab malware responsible for delivering millions of spam emails a month before the author's arrest in 2011. ®




Biting the hand that feeds IT © 1998–2018