Cyber crooks cash in on Osama bin Laden's death

Within hours of the announcement that Osama bin Laden was dead, online security vendors began reporting incidents of spammers and scammers exploiting the news. Major world events, including the recent Japanese earthquake, typically are accompanied by an increase in fraudulent emails designed to ensnare those seeking to help or obtain more information. The capture of the Sept. 11 mastermind is no different. Security experts urged consumers to beware of some of the most prevalent ploys:

Malicious Online Video

Zscaler blogger Michael Sutton on Sunday night warned about online photos and video footage:

"One Spanish-language site displays a purported photo of a murdered Osama bin Laden and includes a story about the U.S.-led operation. Farther down the page, the reader is presented with a Flash Player window with a message indicating that the user must first update a VLC plug in, which is a popular media player, in order to view the video. When the user clicks on the link, they will download a file titled XvidSetup.exe. This file is actually a popular adware tool known as hotbar. At present, 19 of 41 antivirus engines are blocking the file," he wrote.

Sutton noted there would be no shortage of scams taking advantage of the historic news. "Users should use caution any time a site claims to be offering video or photos related to this news," he wrote.

Dangerous Searches

Paul Ducklin, head of technology for Asia Pacific at security firm Sophos, notedon IT security blog Naked Security that what's commonly called Black-Hat Search Engine Optimization means that cyber crooks can often trick the secret search-ranking algorithms of popular search engines by feeding them fake pages to make their content appear legitimate, tricking Web surfers into visiting the illegitimate pages.

"Well-known topics that have been widely written about for years are hard to poison via BH-SEO," Ducklin wrote. "The search engines have a good historical sense of which sites are likely to be genuinely relevant if your interest is searches like Commonwealth of Australia, Canadian Pacific Railway or 'early history of spam.'

"But a search term [that] is incredibly popular but by its very nature brand new --'Japanese tsunami,' 'William and Kate engagement,' 'Kate Middleton wedding dress' or, of course, 'Osama bin Laden dead'-- doesn't give the search engines much historical evidence to go on.

"Of course, the search engines want to be known for being highly responsive to new trends -- that means more advertising revenue for them, after all -- and that means, loosely speaking, that they have to take more of a chance on accuracy," Ducklin wrote.

Mean Social Media

David Jacoby, a Kaspersky Lab expert, cautioned on his SecureList.com blog that, "Facebook ads are already spreading using videos of the death of Osama bin Laden as a trigger. On one page we can see multiple users posting the same URL, with the following message:"Sweet! FREE Subway To Celebrate Osamas Death -- 56 Left HURRY!" or "2 Southwest Plane Tickets for Free - 56 Left Hurry" and then a link to a short URL service (http://tiny.cc/). When you click the link, you will be redirected to a page, where it says that you need to post a message to get more instruction on how you can win. If the user writes the message, it will post a new message on the user's wall, to spread the message further, and then just redirect you to another page where you can win something else. The scheme of this scam is to keep redirecting you to pages where you have to enter information such as email, and eventually get money for all new users or clicks."

Jacoby's advice: Update your computer and antivirus software with all the necessary security patches and if you do click on the links from Facebook and other social media pages, make sure you don't give out any important information, including usernames or passwords.

"Since the bad guys seem to be taking advantage of this opportunity quite heavily, we expect to see more malicious code getting triggered by the death of Osama bin Laden," Jacoby wrote.