Bogus Beijing earthquake reports used to spread malware
Playing with Olympic fire
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Supected botnet operators are using false reports that a fictitious earthquake near Beijing could disrupt the Olympic games to spread malware.
Samples of the bogus alert doing the rounds, featuring subject lines such as "Million dead in Chinese quake", link to a website on a .cn domain. This site claims a quake measured in at 9.0* on the Richter scale has caused millions of casualties while throwing preparations for the games into turmoil. The page contains links to a supposed video that actually downloads the Nuwar-E worm onto the Windows boxes of marks credulous enough to fall for the ruse.
Net security firm Sophos reports that the .cn domains advertised in that attack are likely to be part of a botnet. Each DNS query for the domains returns a different IP address, indicating a changing network of compromised hosts are serving up the malware.
Using topical events to punt malware is one of the oldest social engineering tricks in the book. Baiting malware traps with "news" about non-existent calamities is hardly unprecedented either.
Its unclear where the hackers behind the latest scam are based. But if they're anywhere in China they are playing with fire. Last week police in south China arrested a man accused of spreading rumors of an impending earthquake after hacking into a government website. The 19 year-old suspect has reportedly confessed to breaking into the official website of the Guangxi earthquake administration on 31 May to spread the rumour, little more than a fortnight after a real earthquake claimed an estimated 68,000 lives in Sichuan province.
The technology worker (identified only by his surname, Chen) carried out the attack out of mischief, or to have "fun" as police sources put it, official Chinese news agency Xinhua reports. Somehow we doubt he's having much fun now. ®
* The Sichuan earthquake was measured at around magnitude 8.0 on the Richter scale. Earthquakes that weight in at over 9.0 on the Richter scale are very rare. The earthquake that triggered the Indian Ocean Tsunami of December 2004 measured 9.3 on the scale and is the second highest ever recorded. So the idea that news of such a disaster would first reach recipients by spam email really beggars belief.
COMMENTS
What about London?
I got this today:
Subject: London rocked by gas attack, army on high alert
Body:Bad press surrounds US Army as renegade soldiers open fire on civilians
http://en******staurant.com/r.html
full URL removed to prevent anyone from trying to C+P by accident.
S'funny, I was in london today and the only gas attack was after last nights curry - I don't recall the army being notified.
Also, what are the US army doing opening fire on civilians in London? I mean, I know people who just drop freesheet papers on the street are scum, but that's a bit harsh surely?
I love crap spam.
Steven R
Does China still use...
...the death penalty in cases like this?
Dinn'a this happen last week?
This just never gets old, does it?
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
