As mentioned in my earlier blog, whenever there is a major event, a few days afterwards there is a computer attack.
The death of Osama is one such event which triggered a wave of malwares being sent through email – fotos_osama_bin_laden.zip being one such example.
There are two aspects which govern the hackers:
1: Curiosity of the humans to find the latest news
2: Photos are great and videos are priceless.
Though the initial attack was through email but according to me, the next wave will target Videos – online browsing user. This will be based on browser exploit which will contain drive-by downloads, their payloads ranging from banking trojans to keyloggers or bot systems. If your AV is geared up to handle these then they should be blocked and flash based exploits will take precedence.
Social networking sites will also play an important role, cause one video link can be progate to thousands of users in a matter of minutes.
This is a general advisory:
a: Do not open any attachment which says anything about Osama.
b: Disable remote images in your email client.
c: While browsing for Content on Osama – visit only verifiable / reputed news sites.
d: When on any Social Networking Sites, take extra precaution before clicking on any links which are being posted.
Osama Effect was as expected and for the damages, well lets wait and watch.
[Update] Additional Thoughts
a: Restrict / restrain your curiosity.
b: Effect on IT infrastructure is limited and will be based on the curiosity factor of the user i.e. directly proportional.
[Update 17:42 PM IST ] Additional Advisory for News Agencies.
Journalists in their zeal for “Breaking News” might be targeted by hackers and there might be a breach in network security of the news agencies. This may be a targeted and a planned attack on the IT Infrastructure News agencies. As of this moment, news agencies are the most vulnerable, as their main intention is to gather information.
[Update 12-May-2011 18:37 PM IST ]
Facebook hit by another worm – this time it spams your friends and asks for verification of account.
Bait used: Osama Bin Laden video.