As usual, when a large event occurs, tragic or not, a door opens for cyber criminals, spammers, and hackers, among others, and that is exactly the case with the recent tragic Malaysia Airlines MH17 crash.
On Thursday, July 17th, Malaysia Airlines flight MH17, a Boeing 777 aircraft carrying 283 passengers and 15 staff members, was shot down by a ground-to-air missile. The motive and persons behind the attack remain unknown but are being rapidly reported on throughout the media.
As usual, cybercriminals, spammers, and scammers were quick to take advantage of the Malaysia Airlines MH17 tragedy and started spreading malware through social media and other hokum ‘news’ websites.
Researchers at anti-virus firm Trend Micro were some of the first to identify suspicious tweets, written in Indonesian, spreading across social media outlets. Attackers were caught abusing the trending #MH17 hashtag on Twitter to lure victims looking for actual news on the MH17 explosion.
The tweets began circulating on July 17th, minutes after Malaysia Airlines tweeted: “Malaysia Airlines has lost contact of MH17 from Amsterdam. The last known position was over Ukrainian airspace. More details to follow.”
Hundreds of personal Twitter users have retweeted the malicious links circulating on Twitter, encouraging their own followers to visit the link and further popularizing the initial tweet.
The website hosting the malicious files resides on shared hosting based in the United States. The shared hosting hosts a number of legitimate domains, and researchers have concluded that the continuous attention could lead to the actors behind the fake news achieving financial gain from advertisements placed inside the malicious domains.
The hosting was also found to house a number of malicious domains connected to a ZeuS variant and SALITY malware. ZeuS malware is known for harvesting financial information, while SALITY is a “malware family of file infectors that infect .SCR and .EXE files,” Trend Micro reported in their blog post. “Once systems are infected with this file infector, it can open their systems to other malware infections thus compromising their security.”
This is not the first time cyber criminals have abused a Malaysia Airlines story. A few months back, attackers abused the disappearance of Malaysia Airlines flight MH370. One widely popular Facebook scam claimed that Malaysia Airlines MH370 had been found, while another campaign targeted numerous high-profile governments with a large-scale phishing attack.
As the story is still evolving, it is recommended to avoid clicking links to alleged stories about MH17 on social media or similar outlets. If possible, try to verify the link location while remaining cautious.