U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Cybercrime exploits the crash of Malaysia Airlines Flight MH17

Security experts at TrendMicro have detected a spam campaign via Twitter which exploits the incident occurred to Malaysia Airlines Flight MH17. Unfortunately, tragedies like the one occurred to the Malaysia Airlines Flight MH17 or the recent escalation in Gaza are excellent occasions for cyber criminals that try to exploit the public attention to carry out illegal activities. […]

Cybercrime exploits the crash of Malaysia Airlines Flight MH17

Security experts at TrendMicro have detected a spam campaign via Twitter which exploits the incident occurred to Malaysia Airlines Flight MH17.

Unfortunately, tragedies like the one occurred to the Malaysia Airlines Flight MH17 or the recent escalation in Gaza are excellent occasions for cyber criminals that try to exploit the public attention to carry out illegal activities.

Cyber criminals could arrange spam campaign and phishing attacks to collect victims’ personal information and serve malware.

Security experts have observed cyber attacks which are explicitly using news on the Malaysia Airlines Flight MH17 crash to deceive Internet users.  Media agencies sustain that the Boeing 777 Flight MH17 of the Malaysia Airlines,  carrying 298 individuals (including passengers and crew members), was struck by a missile launched by a mobile ground station.

Russian and Ukrainian governments are exchanging mutual accusations on the terroristic attack, public opinion is blaming pro-Russian separatist rebels sustaining that the Kremlin is helping them to destroy the clues.

Social media are flooded with news and images on the crash of Malaysia Airlines Flight MH17, cyber criminals are using social engineering techniques to spread malware tricking victims into visit compromised web site.

Experts at security firm Trend Micro have detected tweets written in the Indonesian language which spread news related to the crash of the Malaysias Airlines Flight MH17, the tweet includes the hashtag #MH17 to lure victims that search for information on the incident.

The cyber criminals behind this malicious campaign started their operations just after the crash on July 17th, one of the tweet states:

 “Malaysia Airlines has lost contact of MH17 from Amsterdam. The last known position was over Ukrainian airspace.

The message was retwetted by hundreds of users, that in an unconscious were advantaging the scammers spreading the malicious links.

 

MH17 Malysian Airlines

 

The experts at TrendMicro discovered that the URLs used by criminals resolve to the following IPs:

  • 72[dot]8[dot]190[dot]126
  • 72[dot]8[dot]190[dot]39

The analysis revealed that the IPs belong to a shared hosting in the US, many other domains are mapped on these addresses, some of them legitimate. The experts discovered that the spam campaign related Malaysia Airlines Flight MH17 has as a primary purpose the increase of hits/page views on sites or ads managed by cyber criminals.

The malicious domains were mainly used to spread a ZeuS variant SALITY malware.

ZeuS/ZBOT are known information stealers while PE_SALITY is a malware family of file infectors that infect .SCR and .EXE files. Once systems are infected with this file infector, it can open their systems to other malware infections thus compromising their security.” reports the blog post from TrendMicro.

Cybercriminals always exploit news on tragic events, in the past security experts have seen several scams and threats that leveraged news like the Boston marathon and 2011 tsunami/earthquake in Japan, be aware because they will continue to do this and the crash  of the Malaysia Airlines Flight MH17 is still an excellent news to ride.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

Security Affairs –  (MH17, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]