Application security, Malware

In the midst of Bin Laden death, there is malware

Phil Ochs once wrote:

Tell me every detail, I've got to know it all,
And do you have a picture of the pain?"

That was in a song called “Crucifixion,” which was actually about the death of President John Kennedy. If Kennedy had been shot in the age of the internet, the process would have been much the same as we're seeing regarding the death of Osama Bin Laden. (No, I'm not for a moment comparing the two men in any respect other than the drama around their lives and deaths.)

First comes the event, or the anticipation of the event, or even the fabrication of an event, then comes the flood of malicious activity: black hat SEO (search engine optimization), usually leading to fake anti-virus (AV) or something equally nasty; malware passed off as video footage on YouTube or elsewhere, or a document or archive file containing the “full story,” and so on; rogue Facebook apps, survey scams, pages and groups, and the equivalents in other social media. And somewhere during the process, every AV company from here to Mars predicts that kind of exploitation, because it's a pretty safe bet that someone will attempt it and someone will fall for it, and it's our job to try to stop that happening.

I'm not going to try to do that job here, though, because my friend Randy Abrams has already done his usual excellent job on the ESET blog.

What other consequences can we expect? Well, I'd expect to see Western security services probably go to high alert in anticipation of action by Al-Qaeda, both in retaliation and in order to demonstrate that the fight continues. Such action is likely to take the form of physical attacks. On the other hand, it would be good terrorist PR to demonstrate any ability they have to cause disruption using cyberattacks.

However, raised levels of security (not to mention security theater) are likely to be disruptive in themselves.

When I was first asked about this about 10 hours ago, I said (among other things):

We might even see more of those annoying "mysterious [foreigner] warns Good Samaritan to avoid New York on May 15th" hoaxes. Old and old-style hoaxes have taken on a new lease of life on Facebook, so some form of related chain letter is quite possible.

I then disappeared into meetings for the day, and had no chance to check email for most of that time, but it appears that I wasn't wrong. I've just picked up mail from my colleague Tomáš Štefunko pointing out that relevant hoaxes are, indeed, in circulation. He directed my attention to a Czech site flagging a version of the old Olympic/Invitation hoax that mentions Bin Laden. I don't suppose this will be the last. It would be nice if the only negative consequences of this event were a few revitalized hoaxes, but I'm not too hopeful...

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.