Bin Laden news highlights need for caution online

5 May 2011

Websites and Facebook links claiming to show unpublished details of the death of Osama Bin Laden should be treated with suspicion and are most likely fakes intended to infect viewers’ computers with malware, security experts have warned.

It’s a by-now familiar pattern: cyber criminals take advantage of public interest in major global news events to spread malware and to scam unsuspecting internet users. In the case of the former al Qaeda leader, the FBI has issued a warning.

According to the security software firm ESET, the tactics range from fake videos, spam emails, poisoning search engine results and sending malicious links through social media.

“The bad guys know you far too well. They know that all they have to do is say they have video footage of bin Laden and many people will mindlessly click,” said Randy Abrams, ESET director of technical education. “As is always the case with any big news headlines, there are fake videos being posted with the intent of infecting your computer and other things you really aren’t looking for.”

His colleague Andrew Lee added that people searching for content are especially at risk because attackers use search engine optimisation techniques to ensure that sites hosting malware are listed at the top of research returns. This increases the chance that unsuspecting people will click on the links.

Ed Grant, the CEO of Irish email security firm MXSweep, blogged that the White House decision not to release any images of bin Laden has generated high interest in messages purporting to contain either photos or videos of the death. “This makes it even more tempting to users to open such spam messages with the hope of seeing something exclusive,” Grant wrote.

Warning signs

Grant also warned users to beware of fake messages on Facebook claiming to show pages with videos or pictures of bin Laden, and offered tips on spotting fakes. “You should never have to download software to view a video, so that’s your first clue. Secondly, if you have to ‘Like’ a page to view it, then it’s probably illegitimate. As always, with email security and social media in mind, keep an eye out for telltale signs, like poor grammar and non-standard English,” he said.

McAfee Labs showed some examples of the elaborate work that has gone into creating these lures for web users, with screen grabs of doctored photos and supposed video screen grabs on its blog. In another effort to tempt sceptics, some versions of infected sites claim to show a video of bin Laden supposedly alive after the US SEALs operation, McAfee said.

Meanwhile, even those involved in the events of early Monday morning haven’t been safe. Websense reported that the website of Sohaib Athar, the Pakistani IT consultant whose Twitter feed inadvertently provided a live account of the US operation, was compromised and attackers embedded it with code that installs fake antivirus software on computers.

Gordon Smith was a contributor to Silicon Republic