The world was all ears when U.S. president Barack Obama announced that known terrorist Osama bin Laden was killed by the U.S. special forces in a gunfight that occurred in Abbottabad yesterday.
Twitter posted a graph of the number of Tweets per second from the night Osama bin Laden was reportedly killed, which shows a continuous increase in Tweeting activity, the most seen so far. Such attention from users is not surprising due to the emotional relevance of the event, not only to people from the United States, but also from other countries.
It is no longer surprising to see peaks in social media activity due to the occurrence of global events. Nor is it surprising to see how fast cybercriminals leverage newsworthy events as social engineering ploys. The same trend was seen with the recent Japan earthquake. We saw a series of attacks that all took advantage of the disastrous event.
An event as big as the death of a globally known terrorist will definitely not go unnoticed and will certainly be used in cybercriminal attacks. We can expect several attacks to leverage this emotionally charged development. In fact, within hours after the announcement, we already saw blackhat search engine optimization (SEO) attacks spread FAKEAV variants. We also saw attacks targeting social network users, particularly in Facebook, through pages that claim to contain videos showing footages of Osama bin Laden’s death.
The code that the users were asked to copy and paste into their Web browsers’ address bar in this attack led to a script detected as JS_OBFUS.AB, which posts links that lead to the Facebook page shown above.
We also saw links that lead to similar pages being distributed through Facebook Chat. Unlike the example above, however, the sample chat message claimed to lead to an “execution video.” The code in the said page leads to a malicious script already detected as JS_FBJACK.C.
Facebook was, however, not the only means cybercriminals used, as we came across spammed messages telling recipients about a video that supposedly disproves Obama’s announcement of bin Laden’s death. The URL embedded in the sample email message is now inaccessible though there may be other variants of the said message in the wild. These can lead to either malware download or phishing sites.
Leveraging global events as social engineering ploys in attacks is likely to continue in the future unless users learn to change their computing habits. Users are thus advised to change their mindset and to bear in mind that their willingness to obtain more information is paralleled by cybercriminals’ drive to use noteworthy events to steal information. Here are some tips that can help you avoid becoming victims of cybercriminal attacks while staying abreast of the latest news:
- Instead of using top-of-mind keywords to search for news, bookmark a trusted news site and directly access it instead. Note, however, that this may not save you from attacks if the site itself has been compromised unless your system is adequately protected. This is, however, a far better practice than blindly clicking links that appear as search results.
- Consider any information on a social networking site false unless proven otherwise. Try to see where the information came from, possibly through backtracking posts or Tweets.
- Use a security software and keep it and your system updated at all times.
We are still monitoring developments related to this event. Trend Micro product users, however, are already protected from the threats mentioned in this post via the Trend Micro™ Smart Protection Network™.
Update as of May 9, 2011, 9:00 PM Pacific Time
We’ve developed a comprehensive report on the attacks that leveraged this event. For more information, please check: Osama bin Laden’s Death Serves as Social Engineering Lure.