We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Malware makers exploit Bhutto assassination

Hackers attempt to dupe users with attack code

Malware makers exploited the breaking news of former Pakistani Prime Minister Benazir Bhutto's assassination on Thursday by attempting to dupe users into downloading attack code, security researchers said on Friday.

Searches for news about Bhutto's killing and the ensuing chaos in Pakistan listed sites pimping a bogus video codec, said analysts at McAfee, Symantec and WebSense.

For instance, WebSense found such a site simply by using 'benazir' to search on Google. Meanwhile, McAfee quickly located 10 sites hosted on Blogger.com, Google's blog service, that were spreading the fake codec.

The sites use the well-worn tactic of promising a video - in this case one of Bhutto's assassination - but telling Windows users that they need to install a new high-definition video codec, the program that decodes the digital data stream, to view the clip. Naturally, the so-called codec is no such thing, but is instead rigged code that downloads a variant of the Zlob Trojan horse, a back door that can infect the compromised PC with a wide range of other malware.

"Even death isn't sacred to some," said Symantec researcher Vikram Thakur in a post to the company's security response blog.

Other hackers are relying on the news of Bhutto's assassination to draw users to sites that forgo the codec angle and instead conduct drive-by attacks, said Rahul Mohandas, a security analyst at McAfee's Avert Labs unit. "There are a plethora of sites which attempt drive-by installations when unsuspecting users visit search-engine results for 'Benazir Bhutto'," said Mohandas in a post to the Avert Labs blog this morning. "Many of these compromised pages have malicious scripts, which point to the 3322 domain. These pages contain obfuscated variants of the MS06-014 exploit, which is perhaps one of the most popular of all the exploits we see on a daily basis."

MS06-014, issued in April 2006, patched a critical vulnerability in an ActiveX control that is part of Microsoft Data Access Components (MDAC), which are packaged with Windows XP and Server 2003.

Shilling bogus codecs is a popular pastime of attackers. The technique has been used to plant malware on PCs from singer Alicia Keys' MySpace page, for example, and was the vector used by hackers who went after Macs last month.


IDG UK Sites

Nexus 6 vs Sony Xperia Z3 comparison: Lollipop phablet takes on KitKat flagship smartphone

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...