Spam and Politics

News stories have been going around that supporters of political candidates have been harnessing botnets to send spam:

http://government.zdnet.com/?p=3468

http://www.wired.com/politics/security/news/2007/10/paul_bot

We're examining this as a technical matter. We are not making any judgments about people's characters to determine whether they would or wouldn't do this; looking around the Intarwebs, we see lots of people already involved in that discussion.

We also haven't seen an example of this spam on our listening posts yet. But if the messages came from known bad addresses, they might die before we even see them.

It's well known that spammers send out subject lines related to recent news stories. A worm we found back in January had various subject lines:

  • Magic of Flowers

  • Romantic Picnic Coupon

  • Happy World Religion Day!

  • Last Night was Hot!

  • Rose for my Love

  • I Am Lost In You


And another used these subject lines:

  • My Eye on You

  • First Nuclear Act of Terrorism!

  • Happy World Religion Day!

  • Russian Missile shot down USA Satellite

  • Saddam Hussein safe and sound!

  • The commander of a U.S. nuclear submarine lunch [sic] the rocket by mistake



This is because a worm still relies on one of the time-honored mechanisms to get people to open its mails: intriguing the end-user into reading its message. Most spam solutions let users look over their spam messages and release messages.

So, since the candidate in question enjoys a very popular following online, it could stand to reason that the subject line was chosen to entice readers.

However, this sample message doesn't have any exploit code in it. The Storm Worm usually directs people to a hostile URL, but we don't have that, either.

So we're back to two traditional explanations: a spam attack done by misguided supporters, or a reputation attack.

That's the kind of question that requires going backwards through the botnet, which is always difficult detective work.