eWeek Security Watch
Advertisement
Advertisement
December 28, 2007 11:34 AM

Hackers Pounce on Benazir Bhutto Assassination News



If you turn to Google to find information on the assassination of former Pakistan Prime Minister Benazir Bhutto, chances are you will land on a Web site rigged with malicious exploits.

Within hours of Bhutto's death, researchers at Websense Security Labs discovered several Web sites capitalizing on the breaking news surrounding Bhutto's death, including one that was high on Google's results for the generic "benazir" search query.

At 11:00 a.m. on Dec. 28, one of the top three results on Google for the "benazir" search query was serving up a JavaScript redirect to a Web site attempting to load a Trojan downloader on Windows machines.

benazir_malware_on_google.jpg

An alert from Websense Security Labs noted that a malicious Google result for a "generic and simple keyword" is likely to receive large amounts of traffic.

Google usually flags malicious search results with a warning that reads "This site may harm your computer" but, in this case, there is no such warning.

The use of major news events or holiday activity has been a successful tactic for social engineering malware. [ See Techmeme discussion ]

According to an advisory from anti-virus vendor Trend Micro, one of the malicious sites taking advantage of the Bhutto assassination news is serving up a script that downloads a Trojan capable of loading multiple executables on Windows computers.

"TrendLabs found that there is a host of other news sites and blogs taking advantage of this news," it added.

The company said the malicious JavaScript is not exclusive to news sites. "It is also present embedded in other Web sites with a broad scope of topics and interests. There are many other sites that have been possibly compromised (or that include the malicious JavaScript), including Autoworld, Vino, Dogpile, MSN and Google's BlogSpot."

According to Trend Micro researcher Paul Ferguson, searching for this same malicious JavaScript code URL (the malicious script) yields 4,240 results. If the search is narrowed down to also include "benazir," there would be only 103 results.

The "Storm Worm" Trojan has also used holiday-themed social engineering attacks to seed one of the most notorious botnets.

Posted by Ryan Naraine on December 28, 2007 11:34 AM

| Comments (0) | del.icio.us | digg.com | Trackback | Post a Comment
TrackBack

TrackBack

http://securitywatch.eweek.com/cgi-bin/mte/mt-tb.cgi/12323

Post a Comment

 
 


RSS Syndication

Breaking News

Advertisement

Apple

Browsers

Cisco

Corporate espionage

Disaster Planning

eBay

Exploits and Attacks

Flaws

Google

Identity Theft

Intrusion Detection/Prevention

Mergers and Acquisitions

Microsoft Windows

Open Source

Oracle

Patches

Phishing and Fraud

Privacy

Product Reviews

Rootkits

Spam

Virus and Spyware

Vulnerability Research

Advertisement
Security Watch     Contact Us | Advertise | Site Map
Ziff Davis Enterprise

Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
RSS Feeds | White Papers | ROI Calculators | Tech Podcasts | Tech Video |

Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
eWEEK | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
Publish | eWeek Security | Strategic Partner | Web Buyer's Guide | Windows for Devices

Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | IT Marketplace | igrep

Use of this site is governed by our Terms of Use and Privacy Policy

Copyright ©1996-2007 Ziff Davis Enterprise, Inc. All Rights Reserved. Security Watch is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
Ziff Davis Enterprise