Ron Paul Campaign Swept Up in Botnet Spam Scandal

Presidential candidate and Texas congressman Ron Paul has an ardent following of tech-savvy supporters -- at least one of which may have employed the use of hijacked PCs from around the world to spread pro-Paul spam. Several security researchers have noted a blast of spam e-mail messages sent earlier this week purporting to support Paul's bid for the Republican Presidential nomination.

The messages reportedly use a variety of subject lines that all include a positive statement like, "Ron Paul Stops Iraq War!" or "Vote Ron Paul 2008!" They also include a word of random gibberish at the end, which is used to defeat spam filters.

Spam seems to invent a random, apparently American, first and last name, Gary Warner told Wired magazine. Warner is director of research in computer forensics for the University of Alabama at Birmingham. It then combines that with an e-mail address from an apparently infected machine used to send the messages. The PCs used to send the spam have likely been hijacked for use as a botnet. Most have IP addresses that originate from other countries including Brazil, El Salvador, Germany, Japan, Korea and Nigeria.

Positive or Negative?

Ron Paul's supporters have been extraordinarily active in promoting Paul online in venues such as Digg.com, blogs, and unscientific polls where they can muster up quick mini campaign efforts to drive online poll voting. It's highly unlikely that Paul would use illegal spam tactics to propel his bid for the White House, but an enthusiastic supporter may not show as much restraint.

On the flip side, the Paul spam could also come from a Paul detractor -- someone trying to discredit the Paul campaign effort, which has come under fire for its amazing online success that doesn't seem to reflect Paul's offline support. A Rasmussen Reports national survey on Oct. 30 concluded that Comedy Central funnyman Stephen Colbert had greater popular support in his mock presidential run than Paul had with his sincere attempt.

"I would first say that this is the latest example of how a botnet can be used and misused," Mike Haro, a senior security analyst for Sophos, told TechNewsWorld. "This is obviously politically motivated, and as a result this could be damaging to Congressman Ron Paul's reputation."

Troublesome Tactics

Security firm McAfee, in its McAfee Avert Labs blog, noted an even more troublesome situation surrounding the Ron Paul spam: the affect it can have on social networking sites and video sharing destinations like YouTube. Ron Paul spam sent later in the day contained a URL that went to a YouTube video, which was removed due to a terms of use violation, according to McAfee's Chris Barton.

"Now, I have no idea what that video was ... but what struck me is that this would be a really efficient way to remove your competition's videos from YouTube," Barton wrote. "I'm not picking on YouTube here; I believe almost any social site would do the same."

Not a Surge

Just how widespread is the Ron Paul spam? "In terms of the volume, I wouldn't call this a surge of spam," Haro said. "Our traps have captured a significant amount over the last few days but nothing compared to the Storm Worm or other main spamming campaigns."

Haro also said that he didn't believe any major political candidate would use a botnet to attack a rival -- the risk of getting caught would far outweigh the likely benefits. He doesn't believe that Ron Paul is an anomaly, and he pointed out that Paul is certainly not the only presidential candidate with enemies. "I think the moral of the story is that these bot resources can be used at the beck and call of spammers for any motivation or agenda," he said.

"We also shouldn't overlook the possibility that this is just another example of social engineering, just like any major event draws people ... the unassuming user opening an e-mail of general interest," he explained. "Anything to do with the election will be top of mind for the coming year and used as a social engineering tool for spammers."