Dec 13, 10:37 pm (UTC-7) | by Ardin Maglalang (Anti-Spam Research Engineer)
WikiLeaks’ publication of various leaked confidential U.S. documents has created a global stir and brought several security and political issues into the spotlight. The topic has become a global concern, garnering everyone’s attention, from the security industry to cybercriminals. And, as history has taught us, cybercriminals are never far behind with their attacks whenever a hot topic comes up.
We found a couple of spam runs leveraging WikiLeaks. The first one bore the subject “IRAN Nuclear BOMB!” and contained the URL http://wikileaks1.{BLOCKED}a.com, which connected to http://ugo.{BLOCKED}e.com/226.exe to download a malicious file detected as WORM_AUTORUN.FJK.
The other slew of spammed messages appeared to have come from Twitter. These sported the subject “WikiLeaks on Twitter!” and a link that seemed to lead directly to the WikiLeaks Twitter profile at http://twitter.com/WIKILEAKS/4QHW-SRUS83. In reality, however, it connected to http://{BLOCKED}sbargainworld.net/, a site that sells pharmaceutical products.
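A mail filter can catch the kind of link described above by comparing the host a link displays with the host its `href` actually targets. The following is an added example, not code from the original post or from Trend Micro; it assumes the message body is HTML and that the disguise is a mismatch between anchor text and `href` (the post does not say how the link was built). The function and class names are hypothetical, and `shop.example.net` is a constructed placeholder for the blocked domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; shop.example.net is a placeholder, not the blocked domain.
SAMPLE_BODY = """<p>WikiLeaks on Twitter!</p>
<a href="http://shop.example.net/">http://twitter.com/WIKILEAKS/4QHW-SRUS83</a>
<a href="http://twitter.com/about">http://twitter.com/about</a>
<a href="http://news.example.org/story">Read the story</a>"""

def host_of(text):
    """Hostname of an http(s) URL (leading 'www.' dropped), else None."""
    text = text.strip()
    if text.lower().startswith("www."):
        text = "http://" + text
    try:
        parts = urlsplit(text)
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    # Collects (visible_text, href) for every <a> element in the body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def mismatched_links(html_body):
    """Links whose visible text names one host while the href points to another."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    pairs = ((host_of(t), host_of(h), h) for t, h in collector.links)
    return [{"shown": s, "actual": a, "href": h} for s, a, h in pairs if s and a and s != a]
```

Links whose visible text is not itself a URL (such as "Read the story") are ignored, so the check only fires when the message explicitly shows one host and links to another.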
Earlier this week, Trend Micro senior threat researcher Feike Hacquebord pointed out the rather dodgy background of the ISP that currently hosts WikiLeaks, which raised other security concerns apart from the ones we’ve already reported. More attacks using WikiLeaks as social engineering bait are likely to emerge so long as the controversy itself continues to be featured in the news.