Feeds

Bogus Beijing earthquake reports used to spread malware

Playing with Olympic fire

High performance access to file storage

Supected botnet operators are using false reports that a fictitious earthquake near Beijing could disrupt the Olympic games to spread malware.

Samples of the bogus alert doing the rounds, featuring subject lines such as "Million dead in Chinese quake", link to a website on a .cn domain. This site claims a quake measured in at 9.0* on the Richter scale has caused millions of casualties while throwing preparations for the games into turmoil. The page contains links to a supposed video that actually downloads the Nuwar-E worm onto the Windows boxes of marks credulous enough to fall for the ruse.

Net security firm Sophos reports that the .cn domains advertised in that attack are likely to be part of a botnet. Each DNS query for the domains returns a different IP address, indicating a changing network of compromised hosts are serving up the malware.

Using topical events to punt malware is one of the oldest social engineering tricks in the book. Baiting malware traps with "news" about non-existent calamities is hardly unprecedented either.

Its unclear where the hackers behind the latest scam are based. But if they're anywhere in China they are playing with fire. Last week police in south China arrested a man accused of spreading rumors of an impending earthquake after hacking into a government website. The 19 year-old suspect has reportedly confessed to breaking into the official website of the Guangxi earthquake administration on 31 May to spread the rumour, little more than a fortnight after a real earthquake claimed an estimated 68,000 lives in Sichuan province.

The technology worker (identified only by his surname, Chen) carried out the attack out of mischief, or to have "fun" as police sources put it, official Chinese news agency Xinhua reports. Somehow we doubt he's having much fun now. ®

* The Sichuan earthquake was measured at around magnitude 8.0 on the Richter scale. Earthquakes that weight in at over 9.0 on the Richter scale are very rare. The earthquake that triggered the Indian Ocean Tsunami of December 2004 measured 9.3 on the scale and is the second highest ever recorded. So the idea that news of such a disaster would first reach recipients by spam email really beggars belief.

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.