Malicious 'terror attack' spam sets off security alarms

Powered by SC Magazine
 

A new malware scam is using fabricated reports of a terrorist attack to infect users.

According to researchers from several security firms, including McAfee and Sophos, the attacks are being sent out as spam messages which contain hyperlinks.

The attacks carry such headlines as "why did it happen in your city?" and " at least 18 killed in your city."

The message itself contains little more than a short sentence and a link to a phony news site.

Where the attack distinguishes itself, however, is the use of geolocation services which collect traffic data and then insert the name of the user's city of origin into the article, further increasing the chances that a user will click on what appears to be a video file on the page.

Rather than load a video, however, the page attempts to download an executable file on the target system. That file then infects the user with malware from the 'Waledac' botnet (also known as 'waled.')

"They are using the city name of the user visiting the fake website and inserting this name into the website itself," explained McAfee researcher Micha Pekrul.

"So the 'breaking news' gets even more attention, because when an attack happens in your home town, everyone would be anxious and curious."

Neither tactic is particularly new. Malware writers have in recent years taken to creating fake news pages for news events, attacks and natural disasters, both real and fabricated, to spread their wares. Geolocating is also becoming a particularly effective tool for use in social engineering attacks.

Copyright ©v3.co.uk


 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1760

Vote
Do you support the abolition of the Office of the Information Commissioner?