Search results for Bin Laden death riddled with malware

Posted by Emma Woollacott

Security experts are warning that the death of Osama Bin Laden is being exploited by hackers in order to spread malware.

One such attempt, being posted as updates on Facebook users' walls, claims to show video footage of Bin Laden's death. To watch it, users are required to share the link with friends.

"However, sharing the link with others just helps spread it further across the social network, and instead of a shocking video you are instead presented with an all-too-familiar survey which you are told you must complete before you can go any further," says Graham Cluley, senior technology consultant at security firm Sophos.

And, as his colleague Paul Ducklin points out, even trusted search engines can be dangerous. He says 'new' searches such as 'Bin Laden dead' don't throw up many historical precedents, meaning that they're more likely to end up highlighting dodgy sites.

"A search term which is incredibly popular but by its very nature brand new - "Japanese tsunami", "William and Kate engagement", "Kate Middleton wedding dress" or, of course, "Osama bin Laden dead" - doesn't give the search engines much historical evidence to go on," he explains.

"Of course, the search engines want to be known for being highly responsive to new trends - that means more advertising revenue for them, after all - and that means, loosely speaking, that they have to take more of a chance on accuracy."

Indeed, according to Fabio Assolini of Kaspersky Labs, such SEO poinsoning is already taking place. "The bad guys were quite fast and started to poison searches results in Google Images," he says.

"When clicking an image in the results page, the user will be redirected to one of the malicious domains... both domains are offering a copy of the rogueware known as 'Best Antivirus 2011'."

Meanwhile, the remarkable story of Sohaib Athar, who live-blogged the raid unknowingly, has also attracted the hackers. According to Websense Security, Athar's website has been compromised, and now leads to the Blackhole exploit kit.

"The end result is that users trying to follow one of the most highly visible stories in the world on very legitimate sites were within two clicks of a malware-infected site," says Websense's Patrik Runald.