The massive phishing campaigns first emerged on Sunday within hours after President Obama announced that Osama bin Laden was dead as a result of an extensive intelligence operation involving the CIA, U.S. Navy SEALs and other U.S. agencies.
Spam and phishing campaigns typically spike sharply upwards following a major news event, as cyber criminals look for ways to capitalize on the excessive Internet traffic generated by piqued international interest. This one is no exception, security experts say.
"This is pretty typical of this kind of malware," said Tim Armstrong, malware researcher at Kaspersky Lab. "We see this after any major event happens -- these guys are pretty much waiting. They have such a system set up that they can jump on any topic."
Within about four hours after news broke of bin Laden's death, malware authors began launching SEO campaigns targeting Google to spread rogue antivirus software, while circulating Facebook adware on the social networking site.
"As always, when big news appear in the press, the bad guys start Blackhat SEO campaigns in popular search engines trying to lure users to install Rogueware," said Fabio Assolini, Kaspersky Lab security researcher, in a blog post Monday.
In SEO poisoning attacks, cyber criminals manipulate the search engine's algorithm in order to place a malicious Web site at the top of the search rankings, where, as one of the first sites the user sees, it will often benefit from high volumes of traffic. The malicious or bogus Web sites usually entice users to click by purporting to offer breaking news or information on a global event.
The bin Laden SEO poisoning attacks result from an image search that lures users with headlines such as "Osama bin Dead Awhile" and "Is Osama bin Laden Dead?" coupled with pictures of the international terrorist.
However, when users click on the links, they are taken to one of two domains that offer fake antivirus software called "Best Antivirus 2011." In reality, the rogue antivirus, which is powered by a Trojan Kaspersky Lab identified as Trojan.Win32.FakeAV.cvoo, tricks users into entering credit card information and paying a fee by claiming that it will clean their computers.
Armstrong said that what makes this particular rogue antivirus scam unique is that it also comes equipped with a Mac variant that drops an installer designed to exploit the trusted file system in the Safari browser to launch automatically.
"That's pretty unique," Armstrong said. "These scams apply to Mac users. It looks like cyber criminals are updating their game to include more Mac users."
Meanwhile, Kaspersky Lab experts also detected a slew of bogus Facebook ads that are spreading virally using bin Laden's death as a trigger.
One ad claims "Sweet! FREE Subway To Celebrate Osama's Death—56 Left HURRY!" as well as "2 Southwest Plane Tickets for Free – 56 Left Hurry" along with a shortened URL.