The death of Osama bin Laden has gone viral, with blogs, social media and search engines pumping terabytes of rumor, innuendo and conspiracy theories at the speed of light, along with the occasional kilobyte of truth.  As the number of people searching for pictures and videos of bin Laden’s execution has skyrocketed, the criminal syndicates which perform “black hat” search engine optimization (BHSEO) have exploded as well, creating malware-laden sites and performing all sorts of tricks to get them returned as the first results in search engine results.  While such criminal activities have become the norm, are highly automated and otherwise not worthy of interest, the sheer amount of search activity has unleashed a tidal wave of scams and malware.  We were so taken aback by the volume that our last four posts to the ESET Threat Blog have been on this phenomenon. 

However, that is not to say that criminal organized BHSEO activities around Osama bin Laden’s death are the only malware-related activities occurring on the Internet, or even the largest in scope.  As I mentioned in a note at the top of my previous article, “Global malware thrives on the demise of a global terrorist,” ESET is also seeing a similar upsurge on Facebook.  It’s easy to see why:  With over five hundred million active users, Facebook would rank between India and the United States as the third-most populated country in the world, if it happened to be a country.  For criminals, having so many computers and their users interacting through one single web site (albeit a very large and distributed one) must instil the same feelings a compulsive gambler has when winning a jackpot, only magnified accordingly.

As researchers at ESET Latin America reported (Google translation here in English) earlier today, criminals are using social engineering to bypass Facebook’s own security measures against malicious JavaScript code by tricking people into copying and pasting it directly into their web browser’s address bars and then running the code.  Below is an example of a malicious Facebook post a business partner received a few hours ago:

 Facebook Bin Laden Execution Video scam

Our partner knew better than to follow the instructions in the post and instead contacted us, but how many other people would blindly perform the actions in the post without even attempting to confirm with the friend that they had sent the post?  This is, of course, what one should do whenever one receives even a slightly-suspicious post, email, IM or message from a friend asking you to jump off a roof click on a link, as our own Randy Abrams recommended in the first of our posts exploring the connections between Osama bin Laden SEO and malware.  While amongst the simplest kind of attacks, those that use social engineering are amongst the most difficult to combat, not because of their technical sophistication but because they exploit the trust that we as human beings innately have in others, whether it be family, friends, colleagues and even a friendly stranger. 

Regardless of BHSEO, links to videos or pictures on Facebook and other social media services, or what are likely be the first of many emails you receive from the executors of Osama bin Laden’s estate in a far-away country who wish to provide you with millions of dollars due to your honesty and good looks, the key to avoiding being taken by such scams, infected by malware or having the contents of your bank account emptied overnight, the solution is fairly simple:   Treat each request you receive to click on a link and visit a web site, paste something into your web browser’s address bar or share your bank account’s credentials with a complete stranger with a healthy dose of skepticism.

As to those of you who read through this blog article in its entirety in the hope for a link to videos or pictures of the death of Osama bin Laden, let me reiterate this simple fact that we have presented in our other blogs posts on this subject: 

Videos of Osama bin Laden’s death have not been released by the United States government.  If and when they ever are, they will be provided to reputable news organizations.  Visit the web site of your favorite television news channel or newspaper first, not a Romanian file sharing site. They will provide you with what you need for closure.

It is very likely we are to see and hear of additional malware exploiting Osama bin Laden’s death in the coming weeks, months and perhaps even years, not to mention scams and other criminal activity online.  By keeping your operating system and key applications up-to-date, following safe computing practices like those espoused through Securing our eCity, and, yes, running anti-malware software, you can prevent your computer, your personal information and your bank account from becoming a footnote in casualties of the war on terror.

 

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher