Malware Sites Exploit Former Pakistani Prime Minister Bhutto's Assassination

Filed in archive Malware on December 30, 2007

Just hours after Pakistan's former prime minister, benazir bhutto was murdered, cyber criminals had released sites using the news to spread malware. The malicious sites even made it to the top of Google's page rankings.

"We've come to understand that almost any high impact media event is going to be used as a social engineering tool for malware," said Dave Marcus, security research and communications manager at McAfee. "It's such a horrible event, but at the end of the day, it's a very good social engineering tactic."

"If it's a high impact media event, chances are it's going to be pushing out malware," said Marcus. "It's not Google's fault. It's just that the attackers are using the free service that Google provides."

The sites offered videos claiming to show footage of Bhutto's murder, but instead they downloaded a malicious codec to the viewers computer.



This codec steals personal info and sends it back to the criminals. All the sites appear to redirect to the 3322 domain, which has been seen in past attacks. So far at least 10 blogger sites have been found to contain the fake video.

"They entice users through posing as news for the events," said Dan Hubbard, vice president of security research for San Diego-based Websense, a security company specializing in Web and content filtering, via e-mail. "(The sites) are malicious however, and behind the scenes, attempt to infect users who have unpatched PCs and install Trojan Horses for financial gain."

We recommend keeping all anti-virus and anti-spyware tools updated and only visting well known sites when searching for news. Never click on a video link found on a site you're unfamilar with.