Expert Speak

Osama Threatens, Even After Death!

Osama Threatens

Cybercriminals look to make a killing by leveraging the big news through spam, phishing and social engineering tactics, says Abhijit Limaye, Director, Security Response, Symantec.

Just over 24 hours since Osama Bin Laden was killed, the world is abuzz with how the dreaded terrorist was brought down. The first spam using news of Osama’s death was seen in the wild within 3 hours of the event and Symantec reported this spam activity along with other spam samples. As anticipated, we started observing rise in malicious and phishing attacks.

Thanks to the internet and the popularity of social networking and microblogging, the news spread like wildfire. But with the world turning to the Internet for details of the infamous outlaw’s death, cybercriminals are out there to make a killing too! As fast as the news spread, they are ready to defraud curious Internet users and businesses. Large businesses are also exposed to serious security risks given the increasing Consumerization of IT and growth in employee use of social networking websites, web mail, and popularity of P2P file sharing networks and programs.

Currently Symantec’s probes are receiving multiple malicious spam samples in Portuguese, French and Spanish languages. The links in these spam dumps downloader on the victim’s machine which in turn download the actual malware. Further analysis of these attacks show that most of the malicious attacks have originated from Brazil, Europe and the US.

Phishing attacks usually target big brands. In one of such phishing attack spammers targeted a news website. The email contains link to the photos and uncensored videos and directs uses to phishing site. The phish site shows an auto-running Osama video in an iframe and asks user to click on the link to download complete video. Clicking on that link downloads an exe file which is a downloader, malicious software programs that download content from the web without the user’s permission.

Symantec cautions users against opening any shortened links on microblogging and social networking sites. These are very commonly used by cybercriminals to fool users into thinking they are visiting a legitimate link. In fact, according to Symantec’s Internet Security Threat Report XVI, 65 percent of malicious links on social networking sites made use of a URL shortening service. Of these URLs, 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks.

Sensational news items such as Osama’s death provide cybercriminals with the perfect opportunity to make money – a large audience is interested in this news, making them vulnerable to engineered tricks where they are duped into clicking on malicious links or giving away private information. This information can then be used to launch additional attacks, or steal sensitive bank account or credit card details. What’s worse, cybercriminals are buying and selling the information stolen in this fashion on the online underground economy. According to the latest Internet Security Threat Report XVI, Symantec observed credit card data sold for as little as Rs 5!

Indians need to be particularly careful, since 54 percent of Indian Internet users access social networking sites and 52 percent use the web to look for information through search engines, according to industry reports. With India ranking second globally for malicious code, according to the ISTR XVI, it is evident that Osama will continue to be a danger even after his death, at least online!

Leave a Response