May 4, 2011

Be Careful of Malware Attacks in Links to Usama bin Laden Death

The FBI today warns computer users to exercise caution when they receive e-mails that purport to show photos or videos of Usama bin Laden’s recent death. This content could be a virus that could damage your computer. This malicious software, or “malware,” can embed itself in computers and spread to users’ contact lists, thereby infecting the systems of associates, friends, and family members. These viruses are often programmed to steal your personally identifiable information.

Social networking sites are vehicles for spreading malware!

The most recent, known spam activity is on Facebook, where a spam message cloaked as “Sweet! FREE Subway To Celebrate Osama’s Death – 56 Left HURRY!” or “2 Southwest Plane Tickets for Free – 56 Left Hurry” was being circulated. It has a link inviting users to post the information to their wall in order to keep the scam strewn. A sender's account is hijacked and sends messages to everyone who is "connected" to the sender. When the receiver navigates to the message in the message, malware will try to load. "This example serves as a good reminder to all social networking site users that the message may not be from a friend, even if it is from a friend.

According to Kaspersky Lab, since people are most drawn into the images of Bin Laden’s dead body, two domains took the liberty to serve a fake anti-virus by the keyword “Osama Bin Laden body” on Google Image Spanish search. Another Spanish-language site photo shopped bin Laden’s dead body after he was shot, added by a seemingly legitimate news story and a video. When you click on the video to play, it prompts the viewer to update a VLC media player plug-in, which is actually an adware tool called “hotbar” but is disguised as “XvidSetup.exe, warns Zscaler in a blogpost.

As always, users are reminded to remain cautious when opening e-mails or clicking on links. Bottom line, if something looks too good to be true, uncommon, unlikely, or calls for immediate action then it's most likely an attack.

No comments: