Proactive IT Security
 

Shamelessly exploiting disasters

Introduction

In previous security articles, we discussed the fact that cybercriminals use big events to spread malware. There are two types of events that are used - recurring (e.g. Christmas holiday, Valentine's Day) and new (celebrity issues, disasters).

Not surprisingly, though nevertheless disgustingly, the recent events in Japan have inspired shameless exploitation by cybercriminals.

In this security article, we shall examine some of the techniques that are used.

General characteristics

Seen from a cybercriminal's point of view, there are some characteristics of events that should be noted:

  • Incidents that are unforeseen are better suited to malicious activity than recurring events. The former have some special advantages, as we shall see below.
  • The more focus an event gets, the better suited it is as a vector for malware.
  • News variants offer additional attack options.

The catastrophe in Japan has at least three different aspects that a cybercriminal may focus upon:

  • The first huge earthquake (and subsequent earthquakes)
  • The tsunami caused by the earthquake
  • The nuclear disaster

These three - and variants - can be used by the cybercriminal in order to trick innocent users. The ultimate goal for the cybercriminal is almost always monetary. Her way to accomplish this goal is to trick users into performing actions whose consequences differ from what the users expect.

The general system may be divided into a series of events like this:

  1. Trigger the user's interests.
    The trigger may be an email, a Facebook posting etc.

  2. Trick the user into performing a particular action.
    Such an action may be clicking on a link or opening an email attachment, to mention just two examples.

  3. Exploit the potential that has manifested itself from the user's action.
    Examples are selling personal information obtained, and using the user's computer as a zombie in a botnet.

Techniques used to exploit the disasters in Japan

Below are some examples of techniques used by the cybercriminals to exploit the tragedies that have fallen upon Japan. Note that these are only some of the tricks used - new variants will appear as long as the events in Japan are top of the news.

SEO poisoning

One technique particularly useful for cybercriminals who aim to take advantage of new events is called Search Engine Optimization (SEO) poisoning. We have discussed this in previous security articles; see e.g. this item.

The simple explanation of SEO poisoning is that one manages to get particular web pages high on the results list by using particular techniques.

A search using e.g. Google with words associated with the disaster in Japan most likely results in an immense number of hits. Several of these are probably fake news pages, set up by cybercriminals aiming to infect visitors' computers or to trick you by other means.

One typical brand of malware that is propagated by this technique is fake antimalware. SANS' Internet Storm Center has published a very good analysis about the techniques those behind fake antimalware use to poison search engines, and how they are able to be so quick whenever a new incident occurs.

Spammed fraudulent emails

Another variant using the email attack vector is the one that attempts to trick you into donating money.

The fraudsters will often use the name of legitimate, respected organizations - like the Red Cross and UNICEF - and provide links to web sites that resemble the real sites.

Money donated through this type of fraudulent donation site will not reach the victims, but the cybercriminal who set up the scheme. The personal information that you were tricked into entering - e.g. credit card information - may subsequently also be abused by cybercriminals.

One such fraudulent email appeared to come from the British Red Cross, which subsequently set up a warning about fake donation requests. One paragraph from the British Red Cross' web page with useful information reads:

Unfortunately there are currently some fraudulent emails circulating claiming to be raising money for the Japan Tsunami Appeal, please be aware we will never ask for people to donate through companies such as Western Union or Money Bookers.
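A sketch of how a mail filter could check the two signs described above, namely links that do not lead to the charity's own domain and requests to pay through a money transfer service. This is an added example, not part of the original article; the domain allowlist is an assumption that must be verified before use, and both sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of official domains per organisation (verify before use).
OFFICIAL = {
    "red cross": {"redcross.org.uk"},
    "unicef": {"unicef.org"},
}
# Transfer services named in the British Red Cross warning quoted above.
TRANSFER_SERVICES = ("western union", "money bookers", "moneybookers")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_is_official(host, domains):
    """True only for the exact domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_donation_email(body):
    """Return a list of findings for one email body (plain text or HTML)."""
    text = body.lower()
    findings = []
    claimed = [org for org in OFFICIAL if org in text]
    for url in URL_RE.findall(body):
        try:
            # .hostname ignores any "user@" prefix, so the real host is used.
            host = urlsplit(url).hostname or ""
        except ValueError:
            findings.append(f"malformed link {url!r}")
            continue
        if claimed and not any(host_is_official(host, OFFICIAL[o]) for o in claimed):
            findings.append(
                f"link host {host!r} is not an official domain of {', '.join(claimed)}")
    for service in TRANSFER_SERVICES:
        if service in text:
            findings.append(f"asks for payment via {service}")
    return findings

# Constructed sample messages (not real emails).
FRAUD_SAMPLE = """From: British Red Cross <appeal@redcross-japan-appeal.example>
Subject: Japan Tsunami Appeal

Please donate now: http://www.redcross.org.uk.donate-japan.example/give
or http://redcross.org.uk@203.0.113.7/appeal
You can also send funds by Western Union.
"""
LEGIT_SAMPLE = "Donate to the Red Cross at https://www.redcross.org.uk/japan today."

if __name__ == "__main__":
    for finding in check_donation_email(FRAUD_SAMPLE):
        print("WARNING:", finding)
```

Both fraudulent links contain the real domain name as text, but the host the browser would actually contact is a different one, which is why the check compares the parsed host rather than searching the link for the name.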

Attacks using social networks

Social networks have, in recent years, been one of the most successful and thus popular attack vectors.

There are numerous examples of clickjacking - or likejacking - postings on Facebook. One of these claims to show a video of a whale that is launched into a building by the tsunami.

Spammed malicious emails

Email is still a useful and popular technology for cybercriminals.

If they succeed in tricking a sufficient number of recipients into clicking on malicious links and/or opening malicious attachments, this is a low-cost and well-proven technique. Spammed emails are often used in combination with the other attack vectors mentioned above.

SMS hoax

Among the more peculiar fake messages is an SMS message that spread in the Philippines and other countries close to Japan soon after the nuclear radiation problems were reported. The message was:

Radiation may hit phil starting at 4pm today. Pls send to ur loved ones

It soon became clear that the message was a hoax. Nevertheless, it was reported that schools sent their students home in order to avoid radiation.

The motivation behind this type of message remains obscure unless its origin was due to a misunderstanding and not intentionally meant to cause distress. 

Avoid being a victim

Clever, targeted attacks are almost impossible to protect against.

However, the attacks that utilize disastrous events are rarely targeted, and you should be able to implement security mechanisms in order to avoid being victimized.

You should of course have updated malware protection software and a firewall in place. Other security software may ensure increased protection. Exploitation of software vulnerabilities is a very common technique to get malware installed on your computer, and it is therefore imperative that you update your operating system and software as soon as possible after the vendors have published security patches.

In our two-part article you will find useful suggestions on how you can protect yourself against malware. The single most important measure is to increase your own awareness.
