Users should be aware of a marked increase in malware and spam activity linked to the forthcoming UK General Election on May 6th 2010.
The election has already been dubbed the ‘Digital Election’ in light of the unprecedented use by all the political parties of online tools such as e-mail, viral videos, social networking, blogs and mobile applications.
However, the high degree of legitimate and safe online campaigning has also given rise to increased malware and unsolicited messaging falsely claiming to be from the political parties, or falsely claiming to contain election-related news, information, web sites and marketing material such as viral video campaigns.
Users need to be extremely vigilant over the coming weeks as malware distributors and spammers look to capitalise on election interest to spread malicious code, links to infected Web sites and unwanted e-mail marketing spam.
In addition to ensuring all your PCs have an up-to-date PC security software such as anti-virus, firewall and anti-spam applications installed, users need to remain vigilant and careful when visiting any Web sites or handling e-mail from unknown and untrusted sources, even if they appear legitimate on the surface.
The parties are already sending a large volume of legitimate marketing e-mail in the names of David Cameron, Nick Clegg, Gordon Brown and others. If spammers do likewise, unsuspecting users could be duped into opening unwanted, or potentially harmful e-mails and attachments instead of a harmless election communication.
It is essential that users check what they are opening beforehand and treat all election themed online material as a potential risk, otherwise the election could provide more than just a surprise on polling day.
Look out for the following potential threats and follow these guidelines to keep your computers and data safe:
- Malware carried in e-mail spam and fake Web sites: As with any prominent news event, users can expect spam e-mail that will look like party or candidate appeals or news updates, but instead carries links to malicious sites which download rogue security products and malware. E-mail users should think twice about clicking on any links from unknown sources. Always hover over embedded links to see the address before clicking on them.
- Search Engine Optimisation poisoning: There will be numerous “top” stories in the next few weeks, including polling results and extensive discussion of the possibility of a “hung” parliament. Search engine results will be targeted and poisoned to include links to malicious sites which peddle rogue security products, online pharmacy scams or download botnet infections.
Users should read Web addresses before clicking on them, and consider obtaining their news only from trusted sources such as the BBC, The Guardian, The Daily Telegraph etc. Spamblogs – rogue blogs used to promote affiliated Web sites, to increase the search engine rankings of associated sites or to simply sell links/ads − will also be out in full force and trying to capitalise on election interest.
- Hacked party Web pages: Several political parties have had their sites hacked and defaced over the years, and the General Election provides a focal point for renewed efforts to deface a site in front of an increased worldwide audience. Past actions have just involved rude and crude messages being placed on the homepage, but an escalation will likely see infected code being integrated into an otherwise harmless and legitimate Web site.
- Fake Web sites: Alongside hacking the real site, we are seeing an increase in fake sites, forming part of an overall phishing attack. These fake sites can be used to harvest personal and financial information, as well as spread malware through infected downloads, banner ads and page code.
- Facebook, Twitter and blog comment spam: Social networking sites and services offer rich possibilities for the distribution of malicious URLs leading to download sites. Check any shortened URLs with LongURL to see where they actually lead. Be cautious where YouTube videos are concerned – threats could range from relatively harmless survey spam to infected downloads or phishing Web sites.