New spam emails are being circulated that claim US President-elect Barack Obama no longer wishes to take up the position, despite his inauguration taking place in Washington DC tomorrow.


According to some experts, the emails contain variations of the ‘Waledec' Trojan.


Sam Masiello, vice president of information security at MX Logic, claimed that all of the links on the site link to a file named pdf.exe, which McAfee is calling part of the Waledec family of malware.


Masiello said: “Waledec is widely considered to be the new incarnation of the Storm Worm based on its similarities in behaviour to the original Storm which has been eradicated. As is often the case with these new outbreaks, AV detection is scarce so be aware of this new tactic.”


The spam emails are designed to look like news pages, and contain lines such as ‘haven't you heard latest news about our president-elect?', ‘end-time for USA' and ‘who will be our president now?'.

Links in the messages lead to a legitimate-looking site that resembles the real Obama-Biden campaign site, which contains both bogus and real news stories. Clicking on one of the stories downloads a variant of the Trojan.


Jake Soriano from Trend Micro, explained: “WORM_WALEDAC.KAX steals email addresses by searching for these in files found in fixed, network and RAM drives. It saves and encrypts a file containing its stolen information, and sends this file to several IP addresses using HTTP post. This worm also has backdoor capabilities. It opens random ports in an affected system to listen for commands from a remote user.”