The assassination of Osama bin Laden yesterday led to a digital 'mother lode of intelligence' being discovered.
According to Politico, the assault force of US Navy SEALs discovered and seized a trove of computer drives and disks, including PCs, USB drives and electronic equipment, during the raid that killed the Al-Qaeda leader.
The material is reportedly being examined at a secret location in Afghanistan and an official told Politico that hundreds of people were going through it and intelligence operatives back in Washington were very excited to find out what they have. “It's going to be great even if only ten per cent of it is actionable,” they said.
Bin Laden's death has also led to warnings on malicious search results and files being detected. F-Secure chief research officer Mikko Hypponen said that the first sample of malware about the death of Osama bin Laden was a file called Fotos_Osama_Bin_Laden.zip that was spreading via email that contains an executable file that contains a banking Trojan belonging to the Banload family.
Hypponen said: “It will install itself on the system (as msapps\msinfo\42636.exe) and starts to monitor your online banking sessions (via a browser helper object), trying to redirect your payments to wrong accounts. We detect this one as Trojan-Downloader:W32/Banload.BKHJ.
“As a general advice: it's unlikely you'll find pictures or videos of bin Laden's death online, but searching for one will certainly take you to sites with malware.”
Websense Security Labs noted that the news on bin Laden superseded malicious searches for Prince William and Kate Middleton's wedding. In an interesting tactic, the blog of Pakistan-based Twitter user Sohaib Athar (@reallyvirtual) was compromised as he 'live tweeted' during the attack.
Patrik Runald, senior manager of security research at Websense Security Labs, said: “Make no mistake, hackers are going to go after websites such as Athar's along with search engine results to prey on visitors looking for more information.
"Athar links to his blog and I'm sure a lot of users who saw his tweets went there. Unfortunately for them, the site was compromised and was serving a poorly detected malware through the Blackhole Exploit Kit.
“The malware that the drive-by download attempts to install is a fake system tool named 'WindowsRecovery' that claims to have found problems on the victim's computer. To convince the user that something really is wrong with the system, the malware hides all files and folders in the hard drives and on the desktop, but of course the scammers offer the user a quick solution to this problem with a purchase of the premium version of 'WindowsRecovery',” said Websense.
Finally, many Facebook 'likejacking' campaigns have also been detected, with users seeking photos and videos of the attack and bin Laden's dead body. As usual, a campaign is created with a link to a video or picture and when clicking on the link, the user is taken to a page on Facebook asking them to copy/paste the code into the browser's address bar so that they can watch the video, and as previously demonstrated, this allows personal information to be captured by the creator of the scam.
The 'likejacking' campaigns were also detected by Sophos that found messages that claim to point to banned video footage of Osama bin Laden's death.
Senior technology consultant Graham Cluley said: “The scammers earn money every time a survey is completed, and that's why they want you to share the link with others. Sophos is advising computer users to watch out for scams related to Osama bin Laden's death, not just on Facebook but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.”