Trojans use Bin Laden's Death, Royal Wedding To Dupe The Unsuspecting

Security firms have issued fresh warnings against malicious trojans in the wake of Osama bin Laden's death and the wedding of England's Prince William. Malware authors have already seized on both events as bait for their own malware hooks and are using the promise of unseen photos/video to snare the unwary. This type of attack and the speed with which it's organized have become commonplace in recent years—when the former Prime Minister of Pakistan, Benazir Bhutto, was assassinated, trojans baited with information regarding her appeared within 24 hours. Since then, hurricanes, elections, and holidays have all been variously tapped as attack vectors.

According to Fabio Assolini, a lab expert with Kaspersky, poisoned search results purporting to show bin Laden's corpse began appearing in Google Image results within hours of the formal announcement. Clicking on such images sends the user to a hostile domain where the much-loved "Antivirus XP" (currently billing itself as Best Antivirus 2011) pops up and attempts to convince users that they've contracted a virus. The other major vector is Flash-based and a bit more subtle. Instead of attempting to lure the user into an anti-virus scan, it shows a broken video window and claims that a necessary plugin must be updated or installed. Users who then click are handed XvidSetup.exe, a seemingly legitimate file that installs an adware trojan known as hotbar.

Google image search. The lower-left hand result isn't just Photoshopped--it's infected.

Kaspersky Labs also reports that bin Laden-themed trojans are spreading on Facebook via the 'Like' button, with promises of free food, plane tickets, or a donkey. Multiple users spam pages with a link claiming such goodies are a click away, but the TinyURL address they provide bounces users from page to page until they register an email address and eventually pay money.

These unsophisticated social attacks work because they take advantage of a user's sense of security. This is doubly true on Facebook where people are used to seeing short messages from their friends that link to all manner of games, photos, or random statements. Under such circumstances it's not surprising that a number of otherwise-savvy computer users are willing to click on malicious links and follow the trail. These abuses are effective precisely because they take advantage of our curiosity regarding the macabre and our willingness to trust people we consider friends--even by minimal Facebook standards.

On a positive note, it doesn't seem as though the malware programs are anything new. The trojans in question are hotbar (an adware tool) and Trojan.Win32.FakeAV.cvoo. Both of these are already detectable (though hotbar is only picked up on 19 of the 41 engines available at We recommend readers steer well clear of Google Image and Facebook groups on either topic, and pass the word to friends/relatives to do the same.
Via:  SecureList
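A defender's view of the short-link bounce and the fake-plugin download described above, as an added example that is not from the original article or from Kaspersky: it rebuilds redirect chains from web-proxy log lines and flags chains that start at a URL shortener and either bounce through several hops or end in an executable. The log format, the `*.example` hosts and the hop threshold are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

SHORTENERS = {"tinyurl.com", "short.example"}  # short.example is a constructed stand-in
EXEC_TYPES = {"application/x-msdownload", "application/octet-stream"}
# Constructed proxy log lines: URL, status, Location header, Content-Type ("-" = absent)
SAMPLE_LOG = """\
http://short.example/free-donkey 301 http://hop1.example/r?id=7 -
http://hop1.example/r?id=7 302 /go -
http://hop1.example/go 302 http://signup.example/register -
http://signup.example/register 200 - text/html
http://short.example/video 301 http://codec.example/XvidSetup.exe -
http://codec.example/XvidSetup.exe 200 - application/x-msdownload
http://news.example/story 200 - text/html
"""

def parse(log):
    """Map each requested URL to (status, absolute redirect target or None, content type)."""
    table = {}
    for line in log.splitlines():
        url, status, location, ctype = line.split()
        target = urljoin(url, location) if location != "-" else None
        table[url] = (int(status), target, ctype)
    return table

def trace(url, table, max_hops=10):
    """Follow logged 3xx responses from url; stop on loops, gaps in the log or max_hops."""
    chain = [url]
    while len(chain) <= max_hops:
        status, target, _ = table.get(chain[-1], (0, None, "-"))
        if not (300 <= status < 400) or target is None or target in chain:
            break
        chain.append(target)
    return chain

def assess(url, table, max_redirects=2):
    """Return (chain, reasons); reasons is empty when nothing looks suspicious."""
    chain, reasons = trace(url, table), []
    final_type = table.get(chain[-1], (0, None, "-"))[2]
    if len(chain) - 1 > max_redirects:
        reasons.append("long-redirect-chain")
    if final_type in EXEC_TYPES or urlsplit(chain[-1]).path.lower().endswith(".exe"):
        reasons.append("executable-download")
    return chain, reasons

def flag_short_links(log):
    """Assess every logged request to a shortener host; keep only the flagged ones."""
    table = parse(log)
    results = {u: assess(u, table) for u in table if urlsplit(u).hostname in SHORTENERS}
    return {u: r for u, r in results.items() if r[1]}
```

Calling `flag_short_links(SAMPLE_LOG)` returns the two shortener entries with their full hop lists, which an analyst can use to block the intermediate and final hosts rather than only the short link.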
inspector 3 years ago

That's why I didn't care about either event :P. I did Google Laden's death but I only clicked on news articles from official sites :)

OMEGADraco 3 years ago

Typical of scammers... This is why it is so important to pay attention to what links you are clicking on. I really wish that Google Images had a way to scan the links they index on their site. More and more people have been getting rogueware at my job from doing Google Image searches. Though at home it's the bread and butter of my side work since I can usually clear them up in about 15 minutes.

OSunday 3 years ago

Ridiculous, scammers are idiots which is why idiots only fall for their scams.


It's surprising how many people do fall for things like that, although can you blame them when "winning a donkey is just a click away!"

Who could turn down a chance for a free donkey?!

SammyHayabuza 3 years ago

@ Joel

Is that Google Search Snippet from your own search? I didn't know you knew Portuguese!!

HHGrrl 3 years ago

The part that worries me most about these threats is when they're hidden behind shortened URLs and you have no clue what you're getting into. Just goes to show you have to be careful what you click on!

fat78 3 years ago

What worries me about this is friends clicking on it and having to clean it off, or worse, family members clicking on it and information being given out.

"If it looks too good to be true, you are probably not going to get that free car."

inspector 3 years ago

People on Facebook are either being hacked or they fell for a scam and it spreads. My friend's Facebook had a link on his status about him and I clicked it; thankfully my antivirus blocked it.

rrplay 3 years ago

My ex-wife speaks Portuguese fluently, maybe I'll give her a call?........ Not today!

omegadraco 3 years ago

Damn shortened URLs... Makes me want to surf the internet on a virtual machine more than ever.
