BitDefender has released statistics from its social networking safety app, safego, revealing that 11.21% of Facebook scams in the last 24 hours are themed around Osama Bin Laden’s death. Three variants of messages claiming to show footage of Bin Laden’s death have been identified. Once unsuspecting users click through to the malware-ridden content, notifications flood their friends’ walls to promote the scam further and ensure its longevity.
BitDefender researchers have been monitoring malicious activity related to Bin Laden’s death since the news broke and have also identified some ‘classical’ threats already beginning to develop. A couple of samples named ‘Fotos_Osama_Bin_Laden.zip’ have been identified via the automatic submission system, with preliminary analysis revealing them to be variants of the Banload banker family, identified by BitDefender as Trojan.Generic.5849157. Just like any Brazilian Banker, the attack vector appears to be a spam message purporting to bring extra visual cues about Bin Laden’s death.
Just a couple of hours after the initial announcement of Bin Laden’s death, a large number of fake news pieces started flooding search engine queries. BitDefender now expects PDF exploits to begin appearing in mail attachments, an approach successfully implemented by the now defunct Storm Worm gang a few years ago.
“Bin Laden’s death has not gone unnoticed by cybercriminals and users searching to find content around the subject may well stumble upon a series of websites hosted with the free domain provider co.cc which are heavily optimised for keywords such as Bin Laden death,” states Catalin Cosoi, Head of the BitDefender Online Threats Lab. “If users do land on this kind of site they will be presented with a fake scanner page and prompted to download a rogue antivirus utility, which they should definitely avoid.”
Cosoi continues, “Users looking for more information about Osama Bin Laden’s death should consider visiting the website of their favourite news outlet. Always remember that newsletters don’t come with attachments, and if you happen to receive such messages from unknown senders, we recommend that you delete them immediately.”