Yesterday the FBI, of all unlikely sources, confirmed this author’s initial hunch: since Osama Bin Laden’s latest death, all those fake ’shopped photos and videos being furiously sent and circulated around the internet are in fact most likely carrying some sort of embedded or manually executable malware (aka virus) designed to exploit known vulnerabilities and steal and harvest personal information from unsuspecting users.
The clear giveaway for me was when many people I never receive regular messages from on Facebook all started posting these Bin Laden links on my wall, which I care nothing about. I even clicked on one of them from an isolated test machine in order to test my hunch, and all I can say is thank god it was running the latest Firefox and NoScript. I’m sure, however, that the majority of people weren’t so lucky, and the smart ones will be doing a lot of re-formatting in the coming days.
Even mainstream security companies have started finding samples, reverse engineering them and documenting the software disguised as photos of the dead Al Qaeda leader. Obvious example file names such as “Fotos_Osama_Bin_Laden.zip” are being circulated via email and other file sharing and web hosts. Honestly, in these types of obvious scenarios the same rules apply that you’ve heard for decades now: do not click on or interact with a suspect file from an untrusted source. “Curiosity killed the cat” definitely proves to be a fitting adage in such cases. You must resist your morbid urge to click! Why on earth in 2011 anyone would run a .exe file to try and view an image is beyond me, but hey, let’s save that for a post another day.
To quote, “the resulting Windows executable file doesn’t display photographs, but instead launches a new banking Trojan horse belonging to the three-year-old ‘Banload’ line, said Hypponen of F-Secure. The malware sniffs out online banking sessions and then tries to redirect payments to other accounts.”
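As an added illustration of the “executable posing as a photo” pattern described above (this is not code from the post or from the vendors it cites), the following Python script inspects a zip archive and flags members whose name or leading bytes give them away as executables rather than images. The archive, its member names and their contents are constructed inline as a synthetic sample, not a real specimen.

```python
import io
import zipfile

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
# Leading bytes a genuine JPEG / PNG / GIF / BMP file starts with.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"GIF8", b"BM")


def build_sample_archive() -> bytes:
    """Constructed sample archive mimicking the 'photos' lure (synthetic data,
    placeholder names): one real-looking JPEG, one double-extension executable,
    and one PE file renamed to look like a JPEG."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Fotos_Sample/photo1.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("Fotos_Sample/photo2.jpg.exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("Fotos_Sample/photo3.jpg", b"MZ\x90\x00" + b"\x00" * 60)
    return buf.getvalue()


def suspicious_members(zip_bytes: bytes) -> list:
    """Return (member name, reason) for entries that look like an executable
    hiding behind a photo: an image-looking double extension that ends in an
    executable type, an image extension whose bytes carry no image magic, or
    any other member starting with the DOS/PE 'MZ' header."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.lower().rsplit("/", 1)[-1]
            exts = ["." + p for p in base.split(".")[1:]]
            with zf.open(info) as member:
                head = member.read(8)  # only the first bytes are needed
            if exts and exts[-1] in EXEC_EXT and any(e in IMAGE_EXT for e in exts[:-1]):
                findings.append((info.filename, "image-looking double extension ending in " + exts[-1]))
            elif exts and exts[-1] in IMAGE_EXT and not head.startswith(IMAGE_MAGIC):
                findings.append((info.filename, "image extension but no image magic bytes"))
            elif head.startswith(b"MZ"):
                findings.append((info.filename, "PE executable header (MZ)"))
    return findings


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample_archive()):
        print(f"{name}: {reason}")
```

Run against a real archive, the same function reads only each member’s first eight bytes, so it never executes or fully extracts anything it inspects.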
Other, more discreet cases found by Sophos actually dupe users into copying and pasting a line of JavaScript into their browser’s address bar, which then leads to the malware’s execution. Yet again, why in 2011 anyone would copy and paste JavaScript code from a random untrustworthy source into their browser is beyond me; yet again, a post for another day.
The con artists have also been busy using search engine poisoning to trick search engines into listing hacked web pages loaded with malware in the top results. Presumably Google’s SafeSearch function is working overtime at the moment but certainly won’t be able to keep up until the spammers’ traffic peaks. You can surely bet, though, that many others will jump on the bandwagon, and many other yet-to-be-identified and potentially much more serious malware beyond the Banload line will be out and about for a stroll on the testing town. It will be interesting to track how well this phenomenon spreads or fizzles out. I’m sure that with many already compromised machines the automated link and file spreading will be able to continue morphing into many different forms, likely not even involving the initial contagion’s use of the Bin Laden is dead story.
The FBI also warned Internet users to watch out for fake messages on social networking sites like Facebook, Twitter, YouTube and the like, and never to download software in order to view a video. Personally I like that last part; I guess Veoh.com and such sites should take note. The FBI doesn’t stop there with its wisdom, though. To quote, “read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and non-standard English.” Let that be a reminder to us all: it’s always important to know how to write in proper format, especially if we’re trying to commit fraud. Be meticulous and try not to make any typos.