Cybercriminals take advantage of MH17 tragedy: Trend Micro

  • Multiple suspicious tweets direct users to malicious websites hosting malware
  • Advises users to rely on reputable and trusted news sites for the latest news
Cybercriminals take advantage of MH17 tragedy: Trend Micro

SECURITY software specialist Trend Micro Inc is warning Internet users to remain vigilant against cybercriminals who are taking advantage of the recent Malaysia Airlines Flight MH17 tragedy.
Just a few hours after the devastating incident, Trend Micro researchers found multiple suspicious tweets that direct users to malicious websites that are known for hosting the ZeuS/ZBOT and the SALITY malware.
READ ALSO: Unknown Caribbean company files for MH17 trademark
The tweets in question, many in Bahasa Indonesia, used the #MH17 hashtag which was the top trending Twitter hashtag last Friday, when news first broke that the commercial aircraft had been shot down over Ukrainian airspace.

Cybercriminals take advantage of MH17 tragedy: Trend Micro

The URLs are used in a type of spam where the most talked about topic or hashtag in Twitter is gathered so that it can be easily searched by users, Trend Micro said in a statement.
Once clicked by users, their URL count increases. The.TK URLs resolve to the following IP (Internet Protocol) addresses:

  • 72[dot]8[dot]190[dot]126
  • 72[dot]8[dot]190[dot]39

“Based on our analysis, these two IPs are verified to be webhosting/ shared IPs located in the United States,” Trend Micro said.
“The IPs are mapped to multiple domains. Some of these domains are malicious while there are other legitimate normal domain-hosting blogs.
“We surmise that this spam is for gaining hits/ pageviews on their sites or ads,” Trend Micro said, quoting analysis prepared by Jon Oliver, Rhena Inocencio, Maersk Menrigue and Arabelle Ebora.
“On the other hand, the malicious domains associated with these IPs are connected to a ZeuS variant detected as TSPY_ZBOT.VUH and SALITY.
“ZeuS/ZBOT are known information stealers while PE_SALITY is a malware family of file infectors that infect .SCR and .EXE files. Once systems are infected with this file infector, it can open [users’] systems to other malware infections, thus compromising their security,” the company said.
Cybercriminals have always be known for riding the bandwagon of current tragic news and incidents – including the MH370 tragedy last March – to launch cyber-attacks and scams through popular social networks, Trend Micro said.
“In the past, we’ve seen several scams and threats that leveraged on news of Typhoon Haiyan, the Boston Marathon, and the 2011 tsunami and earthquake in Japan, among others.
“We expect that as soon as more details of the MH17 crash unfolds, cybercriminals will launch other attacks that may possibly lead to personal information theft and system infection.
“Users are [advised] to remain vigilant,” it added.
To find out more, see the TrendLabs Security Intelligence blog post here.
Related Stories:
Scammers take advantage of MH370
Cybercriminals exploit Boston Marathon bombing to steal user info
For more technology news and the latest updates, follow us on TwitterLinkedIn or Like us on Facebook.

Keyword(s) :
Author Name :
Download Digerati50 2020-2021 PDF

Digerati50 2020-2021

Get and download a digital copy of Digerati50 2020-2021