Virus makers make merry after Osama death

Many may be happy to hear about the death of Osama bin Laden, but few would be happier than Internet criminals and scamsters, according to Internet security companies.

Not only have they infected the website of Abbottabad-based techie Sohaib Athar (which was widely linked by news media), but they are also entrapping many users with intriguing headlines like ‘Laden is holding a newspaper with today’s date.’

Athar, who goes by the handle @ReallyVirtual on Twitter, became an instant celebrity after unknowingly ‘live tweeting’ about the US attack on Monday night. He reported the presence of helicopters and shooting while the operation was going on in his hometown, Abbottabad.

“Athar links to his website from his Twitter account and has become a major source of media interest and the public seeking more information on the news. We have discovered the website belonging to Athar has been compromised by hackers and leads to the Blackhole exploit kit,” says Websense Security Labs in an alert to users.

Exploit kits help whoever controls a website, including attackers who have compromised it, deliver a ‘payload’ or virus to the computers that visit the website. The virus or trojan can then be used for other purposes, such as generating spam or stealing the credit card data of the computer's users.

The Blackhole kit first appeared on the crimeware market in September 2010 and has since been quickly gaining market share over its many competitors. It is one of the most prevalent exploit kits used in the wild.

Websense points out that today’s hackers constantly monitor web search trends and are smart enough to immediately take advantage of notoriety and trends to infect massive numbers of computer users. Most websites, such as Athar’s, cannot withstand sophisticated attacks by professional hackers and can easily be made the vehicle for spreading viruses.

“We wanted to warn everyone looking for news on Osama bin Laden’s death to be cautious when clicking on new links. Make no mistake—hackers are going to go after websites, like @ReallyVirtual’s, along with search engine results to prey on visitors looking for more information. Compromises on breaking news items are also very dangerous to organizations because employees who are searching online can potentially put an organization at risk for exploit and data loss,” Patrik Runald, Senior Manager, Security Research, Websense Security Labs, pointed out.

McAfee too warned that emails with alluring subjects are being used to spread malware.

“With the news of Osama Bin Laden being dead, spam e-mails with videos disapproving his possible death are doing the rounds in cyberspace. These e-mails lure users into clicking the link, and they are then directed to a site that downloads a small file onto your system. This file, detected currently as either ‘Heuristic.LooksLike.Win32.EPO.F’ or ‘Artemis!7C4314D9690D’, is a Trojan that does nothing but steal data,” it warned.

Such spam mails carry subject lines that may contain phrases like “OSAMA-BIN-Laden-aparece-segurando-jornal-com-a-data-de-hoje-obama-se-passa-por-mentiroso.exe”, “fotos-do-osama-morto.exe” or “pictures-of-osama-dead.exe”.

It also warned users not to click on such links from Facebook or Twitter.

“Be cautious and especially on guard when receiving messages that purport to offer photos of Bin Laden’s body, funeral at sea or any additional details,” it said.