« Back to article

Print this article

Beware of cyber Osama!

Osama Bin Laden's terror still looms large, even after his death. Now he seems to be creating a problem on the internet. According to Abhijit Limaye, Director, Development, Symantec, cyber criminals look to make a killing by leveraging the big news through spam, phishing and social engineering tactics.

More than a day after Osama was killed the world is still abuzz with how the dreaded terrorist was brought down. The first spam using news of Osama's death was seen in the wild within three hours of the event.

Thanks to the internet and the popularity of social networking and microblogging websites, the news spread like wildfire. But with the world turning to the internet for more details, cyber criminals are out there to make a killing too.

Click NEXT to read further...

No, don't click on that link!

Large businesses are exposed to serious security risks, given the increasing consumerisation of information technology and growth in employee use of social networking websites, webmail, and popularity of peer-to-peer file sharing networks and programs.

Currently Symantec's probes are receiving multiple malicious spam samples in Portuguese, French and Spanish languages. The links in these spam dumps a 'downloader' software on the victim's machine, which in turn downloads the actual malware.

Further analysis of these attacks show that most of the attacks have originated from Brazil, Europe and the United States. Phishing attacks usually target big brands.

The email contains link to the photos and uncensored videos and directs uses to phishing site. The site shows an auto-loading video of Osama, and asks the user to click on the link to download the complete video.

Clicking on that link downloads an .exe file (which is actually the downloader, a malicious software program that download content from the web without the users permission). Symantec cautions users against opening any shortened links on microblogging and social networking sites.

Click NEXT to read further...

Don't fall for a little sensationalism

These are very commonly used by cyber criminals to fool users into believing they are visiting a legitimate link. The Internet Security Threat Report XVI states that 65 per cent of malicious links on social networking sites made use of a URL shortening service. Of these URLs, 73 per cent were clicked 11 times or more, with 33 per cent receiving between 11 and 50 clicks.

As far back as 2004, it was observed that the "Osama Hanged Hoax", an email that informs the receiver about Osama being hung. Some versions of the email also contain a link to the website that hosts malware, infecting the visitor's computer.

These messages have resurfaced every time there was some Osama-related news.

Sensational news items such as Osama's death provide cyber criminals with the perfect opportunity to make money -- a large audience is interested in this news -- making them vulnerable to engineered tricks where they are duped into clicking on malicious links or giving away private information.

Click NEXT to read further...

Your credit card could be on sale for Rs 5!

This information can then be used to launch additional attacks, or stealing sensitive bank accounts or credit card details. What's worse, these criminals are buying and selling the information stolen in this fashion on the online underground markets.

According to the latest Internet Security Threat Report XVI, Symantec observed credit card data sold for as little as Rs 5! Indians need to be particularly careful, since 54 per cent of Indian internet users access social networking sites and 52 percent use the web to look for information through search engines, according to industry reports.

With India ranking second globally for malicious code, it is evident that Osama will continue to be a danger even after his death, at least online.