Detail of image from SophosLabs

SophosLabs reports that malware attacks tend to surge near major elections and the most recent is calculated to pull in anxious voters on either side of the political spectrum; a malicious email purporting to come from CNN declaring "CNN Breaking News--Mitt Romney Almost President."

In a post on their NakedSecurity blog, Sophos explains why no one should click a link from an email like this:

The links all follow the standard Blackhole exploit kit formula. The link in the email takes you to a page that directs you to some nasty JavaScript found on other sites controlled by the attackers.

Even if a user who follows those links is on a protected computer, Sophos reports that the hack then takes another step by trying to send users to a page that appears to be an innocent Adobe Flash update, but in reality tries to infect the victim's computer with the same exploit.

Blackhole exploits are nasty. A few weeks ago Ars Technica explained how most Blackhole exploits work:

BlackHole is a widely-used, web-based software package which includes a collection of tools to take advantage of security holes in web browsers to download viruses, botnet trojans, and other forms of nastiness to the computers of unsuspecting victims. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server.

Blackholes can essentially transform our friendly laptops into remotely-controlled members of a kind of zombie horde. Botnets can be used for all kinds of ugliness, including denial of service (DDoS) attacks.

SophosLabs expects similar shenanigans to continue until the election is over and possibly for months afterward.

Avoiding the malicious Mitt Romney email is easy--don't click links from emails at all, go directly to the website that appeared to send the message. Recipients receiving this particular message should also wonder if it even makes sense--no major news outlet, certainly not CNN, would even bother with headlining a story that a candidate is "almost president" and calling it "breaking news."

As is often the case with malicious emails or direct messages, common sense is the best defense.

Mr. Young

Cryptome, a sort of proto-WikiLeaks website best known for exposing the CIA analyst who found Osama Bin Laden, announced this week that its entire website had been hacked. But, in a surprising response from Cryptome founder John Young—a man suspicious even of tap water—no foul play was suspected. At least no more foul than the usual Internet hijinks.

Reached by phone, Mr. Young explained that the site had been attacked by malware from Blackhole exploit kit 12, the latest iteration of  what TechWorld calls an insidious, but "incredibly common automated web compromise system. " This kind of malware harvests IP addresses of people visiting the site for potential nefarious use later on, said Mr. Young.

Mr. Young discovered the malware when a reader got a virus this morning from downloading one of Cryptome's files that had been in its directory for a long time. After some examination, his team discovered other files containing the malware script as well. Crytome, which made the breach public (part of the site's mission to expose such security flaws), is currently in the process of completely restoring all of its  70,000 files and expects to be finished by the end of the day.

But the site, which has leaked photos of Dick Cheney's alleged post 9/11 bunker, names of possible British and Japanese spies, and even Microsoft's top-secret Global Criminal Compliance handbook, doesn't think its content has anything to do with why it was hacked.

"Our content is completely innocent, I assure you, completely worthless, it appear to just be using us as a launching platform," he insisted. "If we had billions of dollars, I’d be concerned."

Really, we insisted, was he sure the government or any of the subjects of Cryptome's files weren't to blame?? "Actually no, although I know a number of people like to magnify their importance," Mr. Young offered. "We don’t think we were attacked for that reason, we think it's just people meddling."

"We would like to understate our value," he emphasized.

Claiming that a security breach is part of a concerted attack is "just what the Defense Department and other obnoxious organizations do," said Mr. Young. Being hacked is merely a hazard of life online. "We don’t think there's any security on the Internet, no matter what anyone says. We think the Internet is used for spying more than anything else, data gathering as it's called. It’s completely insecure."

That's the beauty of the medium, he added, "Digitally, you can do such wonderful things without people knowing you’re doing it!"

Despite common knowledge about the lack of security, some organizations, "make a big hew and cry" of being targeted by hackers, "but they’re just blowing smoke at the public," Mr. Young noted. "The Defense Department is no better at this than anyone else."

As the war in the Middle East winds down, the public has been hearing more about the lack of security online because both the government and security specialists stand to gain from that fear, reasoned Mr. Young. "Lately the last few months, they’ve been talking about how dangerous the Internet is, but that’s because they want more funding." Some people, he noted, wonder if the DOD hasn't been pretending to be hacked for just that reason.

Aha! See, we knew there was a conspiracy afoot somewhere.

Check out The Observer's previous coverage of Cryptome:

How a White House Flickr Fail Outed Bin Laden Hunter ‘CIA John’

The Original WikiLeaker