[NOTE: As we were publishing this articl, our Latin American office discovered another Black Hat SEO campaign incorporating promises of Osama bin Laden videos on Facebook. Click here to view their article in Spanish. We will follow up on this shortly. AG]
The malware phenomenon started by the announcement of Osama Bin Laden’s death continues unabated, with search results being manipulated to trick those morbidly curious about Le Morte d’Osama into becoming infected. It is important to remind everyone that, so far, none of the malware we have seen does anything novel. It is not particularly different from the malware we saw before the announcement, nor is it likely to be much different than malware associated with other search terms in the near future.
What does make this interesting, though, is the sheer amount of malware being produced, as well as its global scope. While we often blog about SEO-driven malware with English language search terms, this type of computer crime targets every language. We just do not get to see it in operation that often in all of them at once, as in this example found by ESET’s Virus Lab from a Romanian web site:
While the methods used by this particular piece of malware are primitive (mass-mailing worms used the same techniques in the mid-1990s), there are, no doubt, more insidious pieces of malware being deployed as well.
To date, the United States government has not released any videos of Osama bin Laden’s death, and if and when they do, it will be available through the web sites of established news organizations and not on Romanian file sharing sites or blogs that you have never heard of (or, at least, not initially on them, I should say). Stick to those, and avoid clicking not just on links to shadowy search results but also unsolicited e-mails, instant messages, tweets or posts on Facebook. The latter could have been sent by a piece of malware that compromised your friend’s account.
Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher