Online scammers have been quick to capitalize on what will undoubtedly be one of the most significant news events this year: the death of Osama bin Laden.
Within hours of the news that the Al Qaeda leader had been killed by U.S. forces on Sunday, malware was found on sites optimized to show up on Web searches related to the event and in scams on Facebook.
Image searches and items labeled as video are proving particularly problematic as people are drawn to visual images of the terrorist leader. At least two domains were found to be serving up fake antivirus rogueware called "Best Antivirus 2011" on searches for "Osama bin Laden body" on a Google image search in Spanish, according to a blog post by Kaspersky Lab.
Another troublesome site involves a graphic doctored image of bin Laden. A Spanish-language site was found to be displaying a photo that is supposed to be a shot of bin Laden after he was killed, accompanied by a news story about his death and what looks like a video. When the purported Flash Player window is clicked on, a message is shown prompting the visitor to update a VLC media player plug-in to view the video, Zscaler said in a blog post. Instead, an adware tool known as "hotbar" but labeled "XvidSetup.exe" is downloaded, the cloud security provider warned.
The scammers aren't dumb; they know what topics people are interested in. The phrase "Osama bin laden dead" was the most popular search on Google today in the U.S., according to Google Trends.
Spammers were quick to target Facebook, too. A spam message was being circulated that said: "Sweet! FREE Subway To Celebrate Osamas Death - 56 Left HURRY!" or "2 Southwest Plane Tickets for Free - 56 Left Hurry" and it included a link to a short URL service, according to another Kaspersky Lab blog post.
When the link is clicked, the user is prompted to post a message to get more information on the offer. Posting the message keeps the scam spreading, while the user is then redirected to another page. "The scheme of this scam is to keep redirecting you to pages where you have to enter information such as email, and eventually get money for all new users or clicks," Kaspersky said.
Researchers at security provider Imperva found instructions for how to launch a "viral" scam on Facebook in a black-hat search engine optimization forum on the Web. "Monetize This NOW! Just a tip to the newbies starting out," it says. The instructions are to first create a Fan Page with a title that will grab people's attention, start inviting people, and watch it go viral. "You'll probably get 90 % USA FB users," the scammer how-to said, adding that the scammer should save it to promote a product later.
"5/1/2011 - This is one of those rare opportunities that can build you a great list and a couple of zeros in your profit. Use it while the news of Bin Laden killed by US forces is hot," the post says. "I just started one and it had 600 likes in 2 minutes."
In one exploit, Imperva found a Facebook "like"-clicking scam hidden in a video on a malicious Spanish-language blog.
Web surfers should be cautious when searching for information on this or any other big breaking news and go directly to Web sites of reputable news sources. Security and other software (browsers, plug-ins, and operating system) should be kept up to date so vulnerabilities are patched. And ads on Facebook that are too good to be true are just that.