Osama's doom a scammer boon

By on
Osama's doom a scammer boon

Be careful what you click for.

It’s not only Western allies that are celebrating the death of Osama bin Laden. Security experts say the news will be a boon for spammers and malware writers who are set to capitalise on the extradorinary news as it trends across search engines and social networks.

The demise of bin Laden broke earlier today and has topped trending searches across Google and Twitter.

But scammers are already injecting fake news stories in hopes of fooling Googlers, the Twitterati and spam recipients.

"Within 24 hours we can expect in excess of 100 million spam emails" related to bin Laden's death, said Symantec SMB director Steve Martin.

"Anytime there is a major event there are always scammers."

He said it will be a vector to deliver malware to consumers and businesses and security administrators should be vigilant.

"Do not click on not click on any link pointing to a  news site. Rather, go to a trusted news source and type in the link."

He said shortened URLs were vulnerable because they hid the link source.

Martin said Twitter users have a responsibility not to tweet short URLs about bin Laden's death: "If you need to make two tweets, then do it".

Sophos chief technical officer Paul Ducklin said blackhat search engine optimisers will be quick to seize on the news, even starting fake news sites.

"We saw that when William and Kate were engaged, and we will see it again," Ducklin said.

If an attacker has root access to a site, they can use PHP script to trick anti-malware functions within search engines like Google.

"They can make the site appear legitimate to a search bot, and assume a different form to a Google referral and different again to someone who types in the full URL," he said.


Infosec researchers warn users to be wary of Osama scams.


Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?