The Mudcat Café TM
Thread #137558   Message #3146894
Posted By: JohnInKansas
03-May-11 - 01:17 AM
Thread Name: Tech: Osama Death causes Malware Explosion
Subject: Tech: Osama Death causes Malware Explosion
Warnings are up:

Malware Specifically targets Mac Users

Malware attack specifically targets Mac users

By Rosa Golijan

It's not unusual for a new malware attack to pop up on the Internet every other moment, but the latest vicious bit of software floating around is particularly fascinating because it specifically targets Mac users.

The Next Web reports that a malware version of the popular MacDefender antivirus application is confusing and infecting a great number of Mac users right now:

Early reports show that users have been targeted as they search Google Images, one user stating that the bogus MacDefender application was automatically downloaded as he browsed images of Piranhas. Further searching through the Apple Discussion boards suggests that the malware campaign is targeting users of Apple's Safari browser, displaying warnings that the user's computer has been infected with viruses that only the unofficial MacDefender application can remove.

Part of the reason many are being easily infected by the malware is that Safari — the default browser in Mac OS — can be set to automatically open trusted software. This means that users are getting infected without even a hint of what's happening until the malicious app demands payment for "protection" like a digital mob boss.

The good news? So far it doesn't appear that the malicious MacDefender app does much, other than attempt to scare people into forking over their credit card numbers. It can even be easily removed:

1. To ensure you do not automatically download the app, uncheck the following: Safari > Preferences > General > uncheck "Open 'safe' files after downloading."

2. Searching for the application and deleting it directly may fail, saying the app is in use. To stop it running, check Activity Monitor (in Applications > Utilities) and disable anything that relates to MacDefender.

3. Look in /Library/StartupItems and, same place, LaunchAgents and LaunchDaemons for references to the malware app.

4. Once quit, head to the Applications folder and drag the MacDefender app to the trash, then delete trash.

5. To ensure all references to the app are cleared, run a search using Spotlight and delete all MacDefender references you find.

As a precaution, it would be wise for Safari users to toggle the "Open 'safe' files after downloading" setting whether they're infected or not. It could prevent attacks similar to this one.

Rosa Golijan writes about tech here and there. She's a bit obsessed with Twitter and loves to be liked on Facebook.

And for EVERYBODY

Bin Laden death brings malware explosion

By Suzanne Choney

With the biggest news in a decade dominating the Internet, it didn't take long for rogue viruses, Trojans and other malware to mess with computers given the chance.

Web searches and links to a variety of stories — real and fake — about the death of Osama bin Laden are sprouting with all kinds of malicious software as cybercriminals look for a big payday tied to the appetite for news about the Al-Qaida leader's demise.

"The bad guys were quite fast and started to poison search results in Google Images," said Favio Assolini, a Kaspersky Labs expert on the security software company's blog. "Some of the search results are now leading users to malicious pages."

As an example, Assolini shared a Google search page with the words "osama bin laden body" typed in the search box. "When clicking an image in the results page, the user will be redirected to one of the malicious domains," antivirus.cz.cc/fast-scan/ and pe-antivirus.cz.cc/fast-scan/, he said. Both are "offering" a copy of rogueware called "Best Antivirus 2011." And both can bring your computer down.

"When searching, even for images, be careful," Assolini warns.
And the computer programmer quickly becoming known as "the guy who liveblogged the Osama raid without knowing it" even found his own blog server stricken by malicious software.

"It is a good thing my blog server is infected with malware today, I guess :-/" Sohaib Athar said on his Twitter page, after being inundated with questions by journalists and Twitter followers.
But it is NOT a good thing if you click on Athar's website that's listed on his Twitter page. That's where some malware is sprinkled, and you could get hit.

Christen Gentile of Kaspersky Labs said as Internet users search for bin Laden news, "they should be aware of two new types of scams that are ready and waiting to take advantage of them."

Cybercriminals, Gentile said, have begun search engine optimization efforts, where they "take popular search terms," like bin Laden or anything associated with him or his death, "and use them to direct people to malware ... in popular search engines, trying to lure users to install rogueware."

Search results in Google images have been poisoned, he said. "Some of the search results are leading users to malicious pages. Upon clicking on this search result or image, the user will be redirected to a malicious domain which can infect the user's computer."

Also, on Facebook, where an "Osama bin Laden is DEAD" page sprouted up, there are some advertising offers celebrating bin Laden's death and offering "free tickets or free sandwiches, in some cases," Gentile said. "By clicking on these ads, users will be redirected multiple times, each time asking for more information, resulting in the potential gathering of email addresses or sensitive information."

For more information on the Facebook scam, check Kaspersky Lab's blog.

SophosLabs has a good guide to help you decide what to do:
Watch out for the links you're likely to come across in email or on social networking sites offering you additional coverage of this newsworthy event.

Many of the links you see will be perfectly legitimate links. But at least some are almost certain to be dodgy links, deliberately distributed to trick you into hostile internet territory.

If in doubt, leave it out!

Sometimes, poisoned content is rather obvious. The links in this spam captured by SophosLabs, for example, give the impression of going to a news site:

"If you go to a site expecting to see information on a specific topic but get redirected somewhere unexpected — to a 'click here for a free security scan' page, for instance, or to a survey site, or to a 'download this codec program to view the video' dialog — then get out of there at once. Don't click further. You're being scammed," says SophosLabs' Paul Ducklin on the company's blog.

So be extra careful on the Interwebs today, kids. Don't do what I did — click on a link that I thought was legitimate, only to be hit with a rogue installation of a Windows "Total Security Removal" Trojan that flashed fake security alerts and installed itself on my computer without my permission.

I'm working to get it off the laptop right now, and writing this on another computer. It's a Mac, but from colleague Rosa Golijan's report today, I see that's not safe, either.

[end quotes]

John
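
Step 3 of the removal list quoted above, as an added shell example (not part of the original post or the quoted articles): it lists entries under /Library/StartupItems, LaunchAgents and LaunchDaemons whose name or contents mention a given app name. The function name `scan_startup_refs` and its root-directory parameter are assumptions made for this sketch; pass `/` to check the running system.

```shell
#!/bin/sh
# Added example: find startup entries that reference an app by name.
# scan_startup_refs ROOT NAME
#   ROOT  volume root to inspect ("/" for the live system); hypothetical
#         parameter so a mounted disk or a test tree can be scanned too
#   NAME  string to look for, e.g. MacDefender (matched case-insensitively)
scan_startup_refs() {
    root=${1%/}
    name=$2
    for dir in Library/StartupItems Library/LaunchAgents Library/LaunchDaemons; do
        [ -d "$root/$dir" ] || continue
        # Entries (files or folders) named after the app
        find "$root/$dir" -iname "*$name*" -print 2>/dev/null || true
        # Files whose contents mention the app, e.g. a plist pointing at
        # its executable. Text in binary plists is matched as raw bytes.
        grep -rilF -- "$name" "$root/$dir" 2>/dev/null || true
    done | sort -u
}

# Run directly as: sh scan.sh / MacDefender
if [ "$#" -ge 2 ]; then
    scan_startup_refs "$1" "$2"
fi
```

Each path printed is a candidate to inspect by hand before removing it; an empty result means none of the three folders mention the name.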