Thursday, May 05, 2011
FBI warns of viruses purporting to show pictures of Osama bin Laden; "Blackhole" exploit may be involved
The FBI is warning home computer users about the circulation of computer viruses, worms and Trojans purporting to contain images or videos of Osama bin Laden’s corpse; most or all are likely to include malware. The FBI blog link is here.
The FBI blog entry (May 3) focuses on emails with links and attachments. It also mentions firewalls and the need for website owners to be wary of how others are allowed to update content on their sites (with comments, forum postings, blog postings, and the like), as well as the possibility of compromise of their social media sites. The posting doesn’t discuss the adequacy of Windows’s own firewall (in XP, Vista, or W7).
Stashank Stekhar has a story in “Mid-Day”, “Steer clear of ‘Osama’ virus”, link here.
The story discusses Kaspersky Labs’ investigation (I expect to see tweets from Webroot soon), and mentions the possibility that the blog of the person in Pakistan who live-tweeted the raid, Sohaid Ahtar (“@RallyVirtual” on Twitter), may have been compromised with the “Blackhole exploit kit”, and that visitors to his site early Monday may have been silently infected. However, I just checked the “reputation” of the site in Google through Firefox 4 and it still gets a green light from McAfee SiteAdvisor and MyWOT.
There is a discussion (Feb. 2011) of Blackhole on Websense here.
Tech Herald has a story by Steve Ragan about an infection of the United States Postal Service (USPS) Rapid Information Bulletin Board System (RIBBS) by the Blackhole exploit, here. Apparently a similar infection of the Houston International Film Festival site took place.
It’s not clear what the virus would do on “ordinary” sites; it might not be noticeable. Apparently many AV programs have not been able to detect it on home or small business machines, and its scope may be limited.