Nearly ten years ago, I was sitting in an office in Birmingham (in the UK) reading the first messages about the shocking and tragic attacks on the Twin Towers. The tenth anniversary of those attacks is not one I relish thinking about, let alone writing about, but I'm afraid I must.
In a presentation I did last week at a forensics conference, I talked about global disasters and security. (That presentation will be up in some form on the white papers page eventually, but there are a few jobs ahead of it in the queue, right now.) However, one of the issues I looked at was one flagged some time ago by Kurt Wismer, who has pointed out that there's a pattern to the use of social engineering around disasters like the Haiti earthquake: "first comes the tragedy, then malware purveyors exploiting the tragedy as a lure, and finally security bloggers exploiting that for content“.
The security community is actually expected to post "We expect to see…" articles even before the first social engineering attacks are seen. The trouble with that is regular readers are inured to the message, whether or not they’ve taken it on board, and the people who are most likely to need the advice won’t read it. Unless a mangled – I mean quoted and attributed – version of it gets out to the general computer press.
However, we know that nothing is sacred to scammers as I ruefully pointed out a couple of years ago, and this anniversary is . And while John Leyden's article in The Register about an imminent wave of attacks is based on research by BitDefender, one of our competitors in the AV space, I feel obliged to mention it here in the public interest.
Leyden reports that the latest crop of malicious web pages to go up includes hooks such as "Bin Laden alive", "in depth details about the terrorist attack", "police investigation results" and "towers going down", linking to scareware and phishing scams, while we can apparently also look forward to charity/aid scams and even fake auctions of memorabilia and commemorative coins.
It makes me slightly sick even to think about this inhuman exploitation of human misery, but BitDefender (and John Leyden) have done us a favour in telling us in more detail than usual what sort of scam we can expect to see. No doubt there will be even more evil to come out of this.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, ESET