    WikiLeaks’ publication of various leaked confidential U.S. documents has created a global stir and brought several security and political issues into the spotlight. The topic has become a global concern, garnering everyone’s attention, the security industry and cybercriminals included. And, as history has taught us, cybercriminals are never far behind with their attacks every time something hot comes up.

    We found a couple of spam runs leveraging WikiLeaks. The first one bore “IRAN Nuclear BOMB!” as its subject and contained the URL http://wikileaks1.{BLOCKED}, which connected to http://ugo.{BLOCKED} to download a malicious file detected as WORM_AUTORUN.FJK.


    The other slew of spammed messages appeared to have come from Twitter. It sported the subject “WikiLeaks on Twitter!” and a link that seems to lead directly to the WikiLeaks Twitter profile. In reality, however, it connected to http://{BLOCKED}, a site that sells pharmaceutical products.


    Earlier this week, Trend Micro senior threat researcher Feike Hacquebord pointed out the rather dodgy background of the ISP that currently hosts WikiLeaks, which raised other security concerns apart from the ones we’ve already reported. More attacks using WikiLeaks as social engineering bait are likely to emerge so long as the controversy itself continues to be featured in the news.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice