Many websites apparently meant to mourn Pakistani Prime Minister Benazir Bhutto's murder by assassin were really designed to help spread malware for fraud and other nefarious purposes. This proves again how quickly Internet criminals can move to capitalize on opportunities to find new victims. Most of these malicious websites are located at the free blog site hosted by Google. These personal websites materialized almost immediately after Bhutto's death, and were built to spread viruses. The Google Blogspot pages that promised a video of the assassination of Bhutto were quite popular since they gave an alternative angle to the official Government explanation regarding the cause of death of Bhutto, and remain active today, claim security analysts. Alex Eckelberry, president of Internet security provider Sunbelt Software, claims surfers seeking Google for assassination videos are often brought to Blogspot pages that immediately redirect to sites containing fake codec viruses. Eckelberry said, "If they click to install the codecs - said to be needed to watch the video - their PCs are infected with malware that will change DNS settings and hit users with pop-up ads to purchase fake anti-spyware products. Blogspot has become a pretty good haven for these guys these days." He continued, "These Blogger pages are supposedly well optimized for Google, and it's places (for attackers) to land, just like (Yahoo) GeoCities and other free hosting sites." Eckelberry claims he began seeing similar attacks starting months ago.

Videos of sensational or popular events have been used by cybercriminals in the recent past to spread malware. For example, during the Fifa World Cup, the headbutt heard 'round the world, delivered by French soccer captain Zinedine Zidane was used for such an attack, as well as films of the recent California Wildfires, and Hurricane Katrina footage, and US election clips, as well.

A new danger revealed by these virus assaults is the ease at which the malware can be transmitted from the Internet to computer. Researcher Tom Mercado, who owns TeMerc Internet Countermeasures, claims these Blogspot codecs can infect users without any action on their part. He says the Blogspot readers using the "Next Blog" randomly transport users to another blog, where they arrive at a malicious page that automatically inserts malicious files into their hard-drives." Mercado said, "It's just land on the site and, pow, get hit."

These Trojan virus codes help the thieves steal banking account information, passwords and other private details from private computer. The data is mailed back to the criminal who runs that malicious site who then uses it to commit financial fraud. The security site Websense reports they found 20 such websites, and their IT defense experts claim one out of every three links coming from a Google search directs surfers to a malicious website.

For its part, Google claims they shut down such sites when discovered, yet analysts believe that these malicious addresses will continue to be hosted by the massive company. A Google spokesperson claims there is no security hole on Blogspot, and the corporation will continue to delete user addresses that open to spam or redirect users to malware, asserting -- "Google takes the security of our users very seriously."

Security experts are left to grapple with the question of whether there is any practical way to prevent these attacks. The IBLS answer is that, realistically -- the only way to truly protect yourself is to simply assume that a large percent of the websites you visit may have a continuing propensity towards malware. This danger occurs through either lax security measures, or by way of being hijacked by cybercriminals - as recently happened at Facebook through the Alicia Keys fansite (reported here by IBLS -- Popstar's Website Hacked to Spread Virus to Fans, Showing ID Phishers Focusing on Social Networking Sites).

Therefore, the best response is to create a holistic strategy of self-protection, which includes the commitment to install a good and up-to-date anti-malware program, adding firewall measures, a virus hunter turned on 24/7, anti-phishing monitors, and a spyware program. The IBLS philosophy is that Internet security must be built upon a foundation of vigilance and self-reliance while employing the most up-to-date security measures.

For those who feel especially vulnerable, security giant Symantec offers a free virus "Internet Threat Meter" that sits on the user's computer screen desktop and constantly updates as to the current state of Internet safety, moment-by-moment, including any heightened alerts driven by cyber attacks.

Original: http://www.ameinfo.com/143176.html

This entry was posted by Johnathan Kastner on Monday, January 7. 2008 at 10:34.