May 2, 2011

Bin Laden Twitter Witness Site Hacked – Link Forwarded Around Major News Sites

Patrik Runald

A key media source on bin Laden’s death, Sohaib Athar (@ReallyVirtual), live-tweeted about hearing helicopters and explosions in Abbottabad six hours before bin Laden's death was announced. Athar links to his website from his Twitter account and has become a major source of media and public interest seeking more information. Websense Security Labs has discovered that the website belonging to Athar has been compromised by hackers and leads to the Blackhole exploit kit. Hackers are infamous for immediately taking advantage of notoriety and related searches in an attempt to infect massive numbers of computer users.

Cybercriminals constantly exploit wherever the masses go, and news on Osama bin Laden’s death is no exception. We want to warn everyone looking for news on bin Laden’s death to be cautious when clicking new links. Make no mistake: hackers are going after websites, like @ReallyVirtual’s, along with search engine results to prey on visitors looking for more information. Compromises on breaking news items are also very dangerous to organizations because employees who are searching online can potentially put an organization at risk of exploitation and data loss.

The Blackhole exploit kit is a do-it-yourself, drive-by exploit kit that tries multiple vulnerabilities in turn to compromise an end user’s computer. The kit allows individuals with little or no coding knowledge to deliver many different types of malware, from scareware or rogue AV to custom Trojans that steal information like online banking credentials. This exploit kit was recently used to exploit websites belonging to the USPS, for example.

What is amazing in this circumstance is that we saw stories from huge newswires and big online publications like CNN/Money link to this Twitter account, which in turn had the link to the infected website.

So the end result is that users trying to follow one of the most highly visible stories in the world on very legitimate sites were within two clicks of a malware-infected site. And surprisingly, they were often brought there by the sites they trusted.

This goes back to research we conducted last year. This research shows definitively that users on:

  • More than 70 percent of top news and media sites
  • More than 70 percent of top message boards and forums
  • More than 50 percent of social networking sites

are only two clicks away from malware at any time.

Caveat browser. Even from trusted sites.
