Cybercriminals wasted no time riding on the tragic and shocking news of former Pakistan Prime Minister Benazir Bhutto’s assassination, as Websense discovered a number of malicious Web sites that came up on Google search results using the simple search term “benazir.” These sites attempt to infect users who want to know more about the unfortunate incident.
The malicious script downloads a Trojan (already detected TROJ_SMALL.LDZ), which in turn downloads more malicious files, namely WORM_HITAPOP.O and TROJ_AGENT.AFFR.
A graphical representation of this routine is as follows:
Upon further investigation, however, TrendLabs found that there is a host of other news sites and blogs taking advantage of this news.
All related malicious URLs are already blocked by the Content Security Team and are thus inaccessible to Trend Micro customers.