Endpoint Protection

 View Only

Malware and spam groups exploit US election fever 

Oct 19, 2016 08:59 AM

Over the past month, Symantec has blocked almost 8 million spam emails relating to the US presidential election. The volume of spam has increased steadily during that period, reflecting rising interest in the election as the November 8 polling day draws near.

The trend reflects one of the tactics most commonly used by spam groups. Emails concerning current events are more likely to get the attention of recipients, so are more likely to be opened.

Figure 1. US election spam volume by day

Malware menace

The vast majority of election spam blocked by Symantec is traditional spam—unwanted and unsolicited emails. Some concern the election, others simply use the names of the candidates in the subject line to lure recipients into opening them. However, within this wave of election spam, there is a smaller but significant number of emails with malicious attachments. If opened, the attachments could download and install malware on to the recipient’s computer.

Two of the spam emails discovered by Symantec reference Republican nominee Donald Trump and contain the subject lines ‘Donald Trump’s Secret Letter’ and ‘Donald Trump Reavealed’ (sic). Both have .zip files attached, with one claiming it reveals Trump’s “secret emails”, while the other purports to reveal a photo of Trump groping a teenage girl. However, these attachments actually contain malware.

Figure 2. Example spam email using the US election as a lure for opening a malicious attachment

Democratic nominee Hillary Clinton has also seen her name used in spam over the course of the campaign. An email campaign discovered by Symantec in August claimed to show a video of Clinton with an ISIS leader, but the attachment was, in fact, a malicious Java file that infected recipients with a remote access Trojan.

Figure 3. Blocked emails containing malicious attachments

The number of malware-bearing emails has spiked periodically over the past four weeks. However, the overall trend is moving upwards, indicating that attack groups are increasingly leveraging the election as we move closer to the polling date.

Figure 4. Malicious attachments by type

The most prevalent type of attachment seen in malware-bearing emails was malicious JavaScript files (JS.Downloader). These are usually downloaders for other malware and are frequently used to install ransomware and financial Trojans. The Dridex financial Trojan (W32.Cridex) accounted for 15 percent. A further 15 percent of emails were blocked by Symantec’s generic Trojan protection, which is activated whenever malicious activity associated with Trojans is detected.

Maintain vigilance

Given the already-growing volume of malicious emails attempting to capitalize on the US presidential election, it’s reasonable to assume that attackers will up their efforts over the next three weeks as the election campaign goes into overdrive. Exercise caution with any emails you receive, particularly if they come from an unfamiliar source or contain sensationalist subject lines.


A full protection stack helps to defend against these attacks, including Symantec Email Security.cloud, which can block email-borne threats, and Symantec Endpoint Security, which can block malware on the endpoint. For consumers, Norton Security will protect your computer from malware.

Tips for protecting yourself from email-borne threats

  • Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
  • Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
  • Always keep your security software up to date to protect yourself against any new variants of malware.
  • Keep your operating system and other software updated. Software updates will frequently include patches for newly-discovered security vulnerabilities that could be exploited by attackers.
  • Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware has been removed.

0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.