As always, tragic incidents are a surefire way for cybercriminals to make a profit. After using the disappearance of Malaysia Airlines flight MH370 to make money through scams, scammers are now exploiting the crash of Malaysia Airlines flight MH17 in eastern Ukraine on June 17.
Adding fuel to the fire is the mystery surrounding the incident, with many conspiracy theories arising, which gives scammers and cybercriminals an opportunity to exploit the tragedy for a wide range of criminal activities such as spamming, scams and malware distribution.
“Unfortunately, the actions of hackers worldwide are designed to generate profits. They focus on psychological triggers, on anything they can use in order to draw people’s attention and con them into getting from them whatever they wish whether it’s sensitive data, web traffic, clicks and so on,” Alex Balan, product manager at BullGuard, told SecurityWeek. “Any important event which is of high interest (such as tragedies similar to MH17 flight or the results of an election before it is closed) will be used by hackers in order to monetize people’s curiosity and interest.”
Security researchers have found that most of the scammers are using this tragedy for spamming. Kaspersky Lab experts, however, spotted one religious email-based spam run abusing the news.
As with other scams, this tragedy is being marketed as a must-see video of the shooting down of MH17. Clicking on the video, however, leads victims to websites involved in affiliate marketing strategies based on CPA (Cost Per Action) or CPC (Cost Per Click) monetization schemes. Another scammer, spotted by Hoax Slayer, attempts to trick users into completing surveys by promising them actual footage of the missile fired by pro-Russia Ukrainian militants to take down the Malaysian airliner. Other scammers have been trying to lure victims to undesired and virus-laden websites with the help of fake Facebook tribute pages.
Trend Micro analyzed a Twitter spam campaign that started shortly after Malaysia Airlines reported that it had lost contact with flight MH17 from Amsterdam. Several tweets written in Indonesian attempted to lure people to various websites and ads. Another scammer invites visitors to see the video. When the victim clicks on the video, they are made to download a browser extension. This browser extension may then connect to a remote command-and-control server and download a malicious payload onto the victim's computer, or simply act as a keylogger and steal the victim's banking and other secret login credentials.
As always, we at Techworm warn users not to open any such videos or attachments, whether they are received from known or unknown sources. Original videos, if any, are always available on major news websites.