
WikiLeaks malware causes problems for unsuspecting users

  • Posted on: August 28, 2016
  • Posted in: Industry News, Security
  • Posted by: Christopher Budd (Global Threat Communications)
WikiLeaks has published more than 80 strains of malware.

When WikiLeaks founder Julian Assange created his organization in 2006, he leaked thousands of documents that alleged government misconduct. It caused a storm of controversy worldwide, and as the years have passed and the cache of sensitive documents has grown, more people are paying attention to the internet sensation that is WikiLeaks.

However, the massive popularity of the WikiLeaks documents is now working to its users' detriment.

What's wrong with WikiLeaks?

Gizmodo contributor Michael Nunez reported in mid-August that the organization had published more than 80 strains of malware in its most recent email dump, which came from Turkey's ruling Justice and Development party. The problem was discovered by cyber security expert Vesselin Brontchev, who is an assistant professor at the Bulgarian Academy of Sciences National Laboratory of Computer Virology. This situation is dangerous because practically anyone browsing the WikiLeaks library could click on potentially harmful links without knowing it.

"If you click on it now you'll just download a 101-byte text file (despite the 'exe' extension) which says: this file originally was part of AKP-emails release, but had to be disabled because it was a virus," Brontchev said, according to iTnews contributor Juha Saarinen. "I discovered that there are 3277 additional links still pointing directly to malware. That is, click on a link, malware gets downloaded to your PC."

According to ZDNet contributor Charlie Osborne, there are hundreds of such files and thousands of links that contain malware-lined pitfalls. The malware being hosted on the WikiLeaks site now includes trojans, Windows exploits and Java-based malicious code, all sitting on the servers waiting for an unknowing user to come along and click them. Brontchev noted that most of the malware came in the form of spam emails and phishing attacks.

How did something like this happen?

A simple virus or malware scan would have been able to weed out any unwanted emails containing potentially unwanted programs, but it seems that no such scan took place. The AKP received spam emails containing malware, which were then uploaded to the WikiLeaks cache without any sort of filter involved.

"WikiLeaks is a valuable resource for many, including journalists and activists, but perhaps including a simple warning or launching a malware check before mass-uploading such documents would be worth implementing," Osborne wrote.
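The kind of pre-publication check described above can be sketched as follows. This is an added example, not code from WikiLeaks, Trend Micro or any researcher quoted here; the function names, the signature table and the sample message are assumptions constructed for illustration. It flags attachments by content as well as by name, so a renamed executable is caught and a neutralised text stub with an 'exe' name is held only for review.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of the file types the article names (Windows and Java code).
MAGIC = {b"MZ": "windows-executable", b"\xca\xfe\xba\xbe": "java-class",
         b"PK\x03\x04": "zip-or-jar"}
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js", ".jar")

def triage_message(raw: bytes) -> list:
    """Return one finding per attachment that should be held back for scanning."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or (name is None and not part.is_attachment()):
            continue  # containers and inline body text are not attachments
        name = name or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = [f"content:{kind}" for sig, kind in MAGIC.items()
                   if data.startswith(sig)]
        if name.lower().endswith(RISKY_EXT):
            reasons.append("extension")
        if reasons:
            findings.append({"filename": name, "reasons": reasons,
                             "sha256": hashlib.sha256(data).hexdigest()})
    return findings

def build_sample() -> bytes:
    """Constructed message: disguised executable, neutralised stub, benign file."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for fname, body in [("invoice.doc", b"MZ" + b"\x00" * 62),
                        ("update.exe", b"this file had to be disabled"),
                        ("notes.txt", b"meeting at ten")]:
        m.add_attachment(body, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for f in triage_message(build_sample()):
        print(f["filename"], f["reasons"], f["sha256"][:16])
```

A check like this only decides what to hold back; the held files still need a real malware scan, and the recorded SHA-256 lets that scan result be tied to the exact attachment.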

Another frightening aspect of this situation is that Brontchev's report is by no means exhaustive – it only combed through a very small portion of the massive amount of information available on the WikiLeaks servers. So there very well could be links to more malicious programs that might infect users' computers worldwide.

Malware problems continue

This isn't the first time WikiLeaks has been associated with malware. According to a 2010 report by Trend Micro researchers, WikiLeaks-related spam emails were being sent to unsuspecting users. The emails would contain triggering subject language like "IRAN Nuclear BOMB" that would entice users to open them, which would inevitably lead to people visiting pages that looked like WikiLeaks sites and unintentionally downloading malware onto their computers.

What's more, also in 2010, Trend Micro Senior Threat Researcher Feike Hacquebord wrote that the main domain for WikiLeaks redirected to one registered by a "bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters." This didn't exactly bode well for WikiLeaks itself, and it doesn't look like the organization has implemented many new cyber security protocols.

Hackers' eagerness to capitalize on the popularity of WikiLeaks – and their somewhat clever attempts at fear-mongering, which seem to have been successful with those people who did click on the spam emails to read what they thought was information about Iran having nuclear weapons – is indicative of the lengths these malicious actors will go to get into the systems of internet users.

The recent WikiLeaks malware issues were predated by incidents as far back as 2010, demonstrating the fact that organizations and consumers alike need to be careful about the links they're clicking online. In addition, it's critical to make sure your networks and endpoints are protected by cyber security software just in case one of these strains of malware tries to infiltrate your system.
