Creators of malware are using the death of Osama bin Laden to fool unsuspecting users to click on malware.
The exploitation of big news on the internet is standard operating procedure for virus writers and other criminal hackers, who prey upon natural human curiosity in their attempts to get users to click on malware. The technique is called “social engineering,” where hackers trick people into falling for a scam.
Malware creators wasted no time in creating fake images of bin Laden in death to attract users to click on malware, according to Zscaler. One site has a photoshopped image of Bin Laden and invites users to click on a Flash video player. The file contains an “adware” tool known as “hotbar.” Zscaler warns users to take caution about visiting unknown sites that purport to have bin Laden photos or videos.
Another scam bin Laden video takes users to a link that contains the Rogue fake antivirus software. Internet security company Symantec says it expects to see 100 million spam emails sent in the next 24 hours related to bin Laden. On Friday, the same thing pretty much happened with the royal wedding. Instead of clicking on short links or news that is passed around, security experts say users should go directly to a news site and click on the stories they see there.
Websense Security Labs also says that the web site that belongs to Sohaib Athar at ReallyVirtual has now been hacked and leads users to malware. Athar unwittingly live blogged the attack against bin Laden via Twitter posts. Patrik Runald, senior manager of security research at Websense says users should be warned about clicking on Athar’s site now.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.