The news of the day is that Osama Bin Laden has been killed by United States operatives, leading to the release of malware using the news as a broadcast medium.
Last night, the President of the United States of America announced in a live television announcement that Osama Bin Laden had been killed following an American military intervention in Pakistan not far from the capital Islamabad. This information was first heard by a lot of Americans as they woke up this morning.
The French President, in reaction to the news stated “Osama Bin Laden was a promoter of the ideology of hatred and was the chief of a terrorist organization responsible for the deaths of thousands of victims, especially in Muslim countries. For his victims, justice has been done".
While similar declarations were being made around the world, many were conscientious that this doesn’t signal the end of Al-Qaida. The information will surely be the number one news search in the world today, with internet users looking for all the information they can find on the subject – making it prime ground for cybercriminals.
Such criminals were certainly reactive in the setting their traps following the earthquake and tsunami which hit Japan, but it now appears that new records have been set following the death of Bin Laden.
Through the Google search engine, information on the death of Bin Laden was quickly reported from around the world. Cybercriminals used SEO (Search Engine Optimization) methods to place their malicious links towards the top of reported search results.
Kaspersky Lab has noticed that through Google Images, redirections to malicious sites were particularly frequent when searching for the body of Ben Laden. By clicking on a picture, the user would be redirected to hijacked web pages which would lead to the display of the classic fake antivirus installation page.
Zscaler has also noticed that this is a classic scheme which calls on hot news topics to spread. A Spanish site, for example, was allegedly displaying a picture of Bin Laden’s body along with an article about the operation conducted by the United States. In the page, a message appeared with a Flash Player window indicated that the user needed to update a VLC player plugin to be able to view the video. The installed plugin was actually a malicious executable file.
These attacks remain, for the moment, classic and preventable. Users should nevertheless reman prudent.