by Nidhi Shah, Security Researcher
Along with media, homeland security and Al-Qaeda supporters, another group of people got to work immediately after Osama Bin Laden was killed: malware authors. This is not surprising given malware writers propensity to take advantage of the day’s current events as a way to reach the largest number of eyeballs and victims.
This news is no different. We noticed multiple campaigns taking advantage of the news within hours of its announcement. One such campaign showed up on Facebook offering a video of the killing:
Clicking on the link leads the user to a fake blog with video, which in turn requires the user to “Like” it in order to get to the video. However in doing so (“liking”), the user is authorizing the malware to post on his/her wall and fill it up with other “Like” messages that were never authorized. “Like” messages are shared automatically via the Facebook newsfeed on a user’s network; therefore, these messages quickly become viral and spread via trusted channels.
There are multiple other campaigns taking advantage of this news and also creating new related headlines to get more attention. Like this campaign (again on facebook):
Clicking on that link will lead you to the blog full of such fake headlines.
While this one did not directly lead to any malicious impact, clearly the headlines are fake. That leads us to believe that we might have encountered it while malware authors were still in the process of preparing their next malicious campaign. Or that they could be taking advantage of current events and user curiosity for increasing search engine ranking for these pages.
Our advice to readers is to be cautious while browsing the Web to look for more details related to this event and any other major news in general. We recommend visiting the major news channels directly to get more information rather than click on links in Facebook or Twitter, even if they are seemingly posted by friends or trusted sources.