DOICIRC
DOICIRC Alert
DATE ISSUED: May 5, 2011
FBI warns that fake bin Laden video is a virus
The U.S. Federal Bureau of Investigation warned computer users Tuesday that messages claiming to include photos and videos of Osama bin Laden's death actually contain a virus that could steal personal information.
The warning comes as security companies said that they've spotted the first samples of malicious software disguised as photos of the dead Al Qaeda leader.
Security vendor F-Secure said Tuesday that criminals are e-mailing a password-stealing Trojan horse program called Banload to victims, and Symantec said it's seen criminals spamming victims with links to fake "Osama dead" news articles that launch Web-based attacks on visitors.
U.S. authorities do have photos of bin Laden, who was shot in the head during an early morning raid Monday in Pakistan. But these photos have not been released publicly.
Scammers have also used a technique called search engine poisoning to try to trick search engines into listing hacked Web pages that are loaded with malware in their search results. "It's unlikely you'll find pictures or videos of Bin Laden's death online -- but searching for one will certainly take you to sites with malware," wrote F-Secure chief research officer Mikko Hypponen in a blog post.
The FBI warned Internet users to watch out for fake messages on social network sites and to never download software in order to view a video.
"Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and non-standard English," the FBI warning stated.
As a major international news event, bin Laden's death has shown the amazing way information can spread online. Many learned of the terrorist leader's death through Twitter, where the story first broke, or Facebook.
But it also underscores how the unfiltered media can quickly spread bad information worldwide.
In the two days since the early morning raid, the bin Laden story has generated fake photographs, fake quotes, and plenty of scams.
Security experts said that shady marketers and so-called rogue antivirus vendors have also jumped on the bin Laden bandwagon. The rogue antivirus software bombards victims with pop-up messages telling them they have a computer problem. Its aim: to nag them into paying for bogus software.
Shady marketers are spreading messages on Facebook that try to lure victims into spreading the message to friends and visiting marketing Web sites, by claiming they have a censored video.
"Osama is dead, watch this exclusive CNN video which was censored by Obama Administration due to level of violence, a must watch," is a typical lure used in the scam. Users are encouraged to cut and paste malicious JavaScript code into their browser, which then sends the message to all of their Facebook friends. Security experts say never to cut and paste scripts into the browser.
A file called Fotos_Osama_Bin_Laden.zip is being spammed via e-mail. The archive contains a file called Fotos_Osama_Bin_Laden.exe (md5:d57a1ef18383a8684c525cf415588490).
Of course, running this file won't show pictures of dead bin Laden. Instead it executes a banking trojan belonging to the Banload family. It installs itself on the system (as msapps\msinfo\42636.exe) and starts to monitor your online banking sessions (via a BHO), trying to redirect your payments to wrong accounts.
US-CERT detects this one as Trojan-Downloader:W32/Banload.BKHJ.
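A mail-gateway or help-desk triage check for the attachment pattern described above (an executable inside a ZIP, identified by file name and MD5) could look like the following. This is an added example, not part of the alert: the function names, the extension list and the size limit are assumptions, and the sample archive is constructed from harmless stub bytes.

```python
import hashlib
import io
import zipfile

# MD5 of Fotos_Osama_Bin_Laden.exe as published in the alert above.
KNOWN_BAD_MD5 = {"d57a1ef18383a8684c525cf415588490"}
# Assumed list of extensions that should never arrive as "photos".
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not inflate oversized members


def triage_zip(data, known_bad=KNOWN_BAD_MD5):
    """Return one finding per suspicious member of a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                # Encrypted or huge members cannot be inspected: flag them.
                findings.append({"name": info.filename, "md5": None,
                                 "reasons": ["not inspectable"]})
                continue
            content = archive.read(info)
            digest = hashlib.md5(content).hexdigest()
            reasons = []
            if info.filename.lower().endswith(RISKY_EXTENSIONS):
                reasons.append("executable extension")
            if content[:2] == b"MZ":  # DOS/PE header, whatever the name says
                reasons.append("PE/MZ header")
            if digest in known_bad:
                reasons.append("MD5 matches alert sample")
            if reasons:
                findings.append({"name": info.filename, "md5": digest,
                                 "reasons": reasons})
    return findings


def build_sample_zip():
    """Constructed, harmless archive: stub 'MZ' bytes, no real code."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Fotos_Osama_Bin_Laden.exe", stub)
        archive.writestr("photo.jpg", stub)        # executable posing as image
        archive.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding["name"], finding["md5"], ", ".join(finding["reasons"]))
```

The header check catches a renamed executable that the extension test alone would miss; the MD5 match only identifies this exact sample, so it is the weakest of the three signals.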
#############################################
I have no idea why you might want/need to see a dead person... Morbid Curiosity?
If you have the need to look at such things, visit
www.rotten.com
There are no pics of OBL there,
but there are no virus or malicious software infections either.
4 comments:
Thanks for the update. Nutters are everywhere! xo
Thanks for the warning! I'm sure there will be MANY people duped by this one, that didn't know better, or just had to see what was out there.
Kurt,
Great update on this. I've seen tons of pop up chats from my "friends" advising me to "Check this out". Word of warning. NEVER click on any links in Facebook chat. It's yet another scam to secure your personal information. Once you click on it, it sends the link under your name to all your Facebook friends.
Love and Hugs ~ Kat
Damn.
Osama's STILL fuckin' us up !