Wikileaks email dump riddled with malware

Visitors to the Wikileaks website risk getting infected with viruses and other malware, a renowned security research has found.

Dr Vesselin Bontchev.

Vesselin Bontchev, assistant professor of the Bulgarian Academy of Sciences National Laboratory of Computer Virology, told iTnews that he contacted Wikileaks about the malware trove, but did not receive a response. 

Bontchev first identified 323 direct links pointing to some form of malware in his report on the leak of emails from Turkey's ruling Justice and Development party (AKP). The links have since been disabled.

"If you click on it now you'll just download a 101-byte text file (despite the "exe" extension) which says: this file originally was part of akp-emails release, but had to be disabled because it was a virus," he said. 

The malware is still there, however, as base64-encoded attachments, and can be downloaded using the View Source feature on the Wikileaks message viewer feature, Bontchev said.

He also found that Wikileaks still directly links to malware in thousands of cases.

"I discovered that there are 3277 additional links still pointing directly to malware. That is, click on a link, malware gets downloaded to your PC," Bontchev said.

Although Wikileaks has not responded to or acknowledged Bontchev's report on the malware, he believes the site administrators used his initial list of 323 links to neuter the attachments.

"I know that they used my report instead of, say, running a scanner on the files, because only the links listed there have been "neutered" - all of them - despite the fact that I had made a mistake and had included one harmless file (a PowerPoint presentation)," Bontchev said.

"Nobody from Wikileaks ever acknowledged their mistake or my help in finding the problem. Still, I'd be glad if they just remove the malware and nothing else. But those 3277 links are still live."

The malware on Wikileaks is run-of-the mill downloaders, ransomware and bots, the researcher said.