If you turn to Google to find information on the assassination of former Pakistan Prime Minister Benazir Bhutto, chances are you will land on a Web site rigged with malicious exploits.
Within hours of Bhutto’s death, researchers at Websense Security Labs discovered several Web sites capitalizing on the breaking news surrounding Bhutto’s death, including one that was high on Google’s results for the generic “benazir” search query.
At 11:00 a.m. on Dec. 28, one of the top three results on Google for the “benazir” search query was serving up a JavaScript redirect to a Web site attempting to load a Trojan downloader on Windows machines.
An alert from Websense Security Labs noted that a malicious Google result for a “generic and simple keyword” is likely to receive large amounts of traffic.
Google usually flags malicious search results with a warning that reads “This site may harm your computer” but, in this case, there is no such warning.
The use of major news events or holiday activity has been a successful tactic for social engineering malware. [ See Techmeme discussion ]
According to an advisory from anti-virus vendor Trend Micro, one of the malicious sites taking advantage of the Bhutto assassination news is serving up a script that downloads a Trojan capable of loading multiple executables on Windows computers.
“TrendLabs found that there is a host of other news sites and blogs taking advantage of this news,” it added.
The company said the malicious JavaScript is not exclusive to news sites. “It is also present embedded in other Web sites with a broad scope of topics and interests. There are many other sites that have been possibly compromised (or that include the malicious JavaScript), including Autoworld, Vino, Dogpile, MSN and Google’s BlogSpot.”
According to Trend Micro researcher Paul Ferguson, searching for this same malicious JavaScript code URL (the malicious script) yields 4,240 results. If the search is narrowed down to also include “benazir,” there would be only 103 results.
The “Storm Worm” Trojan has also used holiday-themed social engineering attacks to seed one of the most notorious botnets.