There could be malware lurking inside that Clinton 'video' link
Update 11:45 a.m. PST: This blog incorrectly described part of what the link downloads. It downloads a Trojan horse. The link does not take viewers to a video.
Moving beyond Valentine's Day as a social-engineering theme, online criminals have started sending out e-mail with a supposed link to a recent interview with Sen. Hillary Clinton. Instead of a video, the link downloads a Trojan horse onto the viewer's computer. Security experts predict 2008 presidential election e-mails and phishing sites will continue throughout the year.
On Thursday in Symantec blog, researcher Kelly Conley writes that the e-mail arrives with the subject line: Hillary Clinton Full Video !!! The body text reads, in part: "Hillary Clinton visited her Virginia campaign headquarters and did satellite interviews, looking beyond Tuesday's trio of contests..."
Often the malicious software is not within a video, but within the download link, as is the case here. Symantec says the link embedded within the e-mail downloads a suspect file, "mpg.exe," which is a Trojan downloader. This downloader then downloads inst241.exe, a file that Symantec detects as Trojan.Srizbi.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments. 
