BitDefender researchers uncovered a series of Websites claiming to have details relating to the 9/11 attacks that actually direct users to scareware and phishing sites.
Nothing is sacred to scammers and
online attackers, and the tenth anniversary of the Sept. 11, 2001, attacks
appears to be no exception.
Malicious perpetrators took over the
Twitter account belonging to NBC News and posted messages claiming a terrorist
attack at Ground Zero in New York in the late afternoon of Sept. 9. Vivian
Schiller, the digital officer at NBC News, posted on Twitter that the @nbcnews
account had been hacked and that the offending messages should not be
The posts claimed flight 5736 had
crashed into the same site the Twin Towers had collapsed 10 years ago, and
another flight, "flight 4782," was also suspected of being hijacked.
Twitter has suspended the account to stop people from spreading the fake news
and creating panic.
A group calling itself Script Kiddies
took responsibility for the hack. Graham Cluley, senior technology consultant
at Sophos, called the group "sick minded hackers" on the Naked Security blog
It's not clear how the account was
hijacked, whether it was because the Twitter password was phished, cracked
because it wasn't very strong or some malware was used. Regardless, it is one
of the many Web scams and hacks currently active, and the number is expected to
increase with the anniversary of the 9/11 attacks on Sunday.
Researchers at BitDefender warned of
malicious Websites and social networking attacks with hooks relating to the 9/11
attacks. BitDefender uncovered malicious Websites on topics such as "Bin
Laden alive," "in-depth details about the terrorist attack,"
"police investigation results" and "towers going down." The
malicious sites are filled with links to scareware and phishing sites, or the
sites masquerade as fund-raising pages for various charities.
Considering many news organizations are
doing retrospectives by posting original footage and allowing users to listen
to the recordings of emergency personnel trying to rescue people, many users
will be more likely to visits sites that claim to have never-before-revealed
details of the attacks.
With law enforcement authorities on the
hunt for two or three individuals they suspect may be planning a 9/11
anniversary attack, there will be even more interest among Internet users for
information. Federal and New York City authorities claimed to have received
credible information that the suspects had already entered the country, Reuters
reported Sept. 8.
The intelligence was "not run of
the mill" and was dramatic enough to change the earlier security
assessment that there was no specific intelligence of any plots to attack the
United States on the anniversary, law enforcement officials told Reuters.
As always, users should rely on
official news outlets for information and actually type in URLs of the sites
instead of just clicking on links to stories, security researchers warned.
Other malicious scams include fake
auctions and sales of 9/11 items, such as shards of metal from the collapsed
World Trade Center towers and "commemorative coins" minted from
silver collected at Ground Zero, BitDefender warned.
"It makes me slightly sick even to
think about this inhuman exploitation of human misery," David Harley
, a senior research fellow at ESET,
wrote on the company blog.
"Nothing is sacred to
scammers," Harley wrote, noting the number of malicious sites and malware
using social engineering tricks that emerge immediately after a disaster, such
as the earthquake in Haiti or the tsunami in Japan.