OMG CNN Confirmed Osama Is Alive – Scam spreads on Twitter

If you are seeing tweets right now from Twitter users, you may be misled into thinking that U.S. news organization CNN has revealed that Osama bin Laden is alive, Internet security firm Websense has reported.

The tweets lead to a phishing page.  Tweets are being posted by users right now at the rate of several hundred tweets per second and include:

omgg osama is alive!!! cnn confirmed that he’s still out there :((

I cant BELIEVE osama is still alive – CNN confirmed he around stillll :O

OMG CNN confirmed that they found Osama alive still ! ! !

Tweets lead to a bit.ly redirector that takes the user to a convincing phish page designed to harvest the user’s Twitter account credentials.

A user who enters credentials is then taken to a YouTube video related to the topic of the scam, a CNN video discussing the news “‘Osama is alive’ say protestors.”

The redirection chain is thus: hxxp://bit.ly/m[removed]Y -> hxxp://twitter.[removed].ru/relogin.php -> hxxp://www.youtube.com/watch?v=Ga[removed]Mg

Twitter trend-tracking service Trendistic recorded this scam as being 1% of the volume of all tweets some 8 hours ago.  The current rate of tweets is around 200 per minute, so the phishing page could be successfully harvesting Twitter account credentials and then tweeting on their behalf, thereby spreading the phishing links.

When Osama bin Laden’s death was announced, we saw Facebook status updates offering a video of the events.  Malware authors often use news events to entice and trick users into performing actions such as following website links.

Websense Security Labs advises Twitter users who believe they may have fallen for this scam to change their passwords immediately and to check their Twitter feeds for postings related to this scam topic.

Carl Leonard, Senior Manager, Websense Security Labs said, “Using Twitter to perpetuate a scam is as regular an occurrence as changing socks. It’s interesting in this case to see how the malware authors ‘make’ the news to spread their scams. At the current rate of 200 tweets per minute, this particular phishing page can successfully harvest Twitter account credentials and further spread phishing links by tweeting on unsuspecting users behalf. If you believe you may have fallen for this scam – change your password immediately”

Governments snooping more and more on Internet

Freedom on the Internet is coming under more and more threat from governments around the world, according to the second ‘Freedom on the Net’ (FOTN) report by the Freedom Institute for 2011.

The study of 37 countries found former Soviet republic Estonia to have the freest Internet, with a restriction of just 10 points, followed by the United States with a restriction score of 13.

The most restricted Internet is for users in Iran, Cuba, China and Burma, with restriction levels of between 83 and 89 (out of 100).

The overall trend, the report found, was towards less and less freedom on the Internet as governments become more and more alarmed at or better at controller what they consider uncomfortable exchange of information and co-operation through the Internet.

“Of the 15 countries covered in the pilot [report of 2009], a total of 9 registered score declines over the past two years,” the report noted.

Freedom House is an international non-governmental organization (NGO) based in Washington DC that conducts research and advocacy on democracy, political freedom and human rights, known for its annual report on democratic freedoms in each country.

Even in the newly added countries, the report, compiled by more than 40 researchers based around the World, found evidence of a “negative trajectory,” in at least half of them in the last two years.

It found increased government blocking, filtering, legal action, and intimidation to prevent users from accessing unfavorable content and in other places, cyberattacks, misinformation, and other indirect methods to alter the information landscape, such as creating dummy sites.

“These states are increasingly blocking and filtering websites associated with the political opposition, coercing website owners into taking down politically and socially controversial content, and arresting bloggers and ordinary users for posting information that is contrary to the government’s views,” it pointed out.

It held the increased governmental nervousness in many repressed countries to the role played by Internet-based organization and communication tools like Facebook, Twitter etc.

“In 12 of the 37 countries examined, the authorities consistently or temporarily imposed total bans on YouTube, Facebook, Twitter, or equivalent services,” it noted.

The report found that out of the total 6.5 billion people in the World, over two billion now have access to the Internet — nearly double that of five years ago.

• Specific examples of Governments blocking or manipulating Internet chronicled in the report include the following:South Korean authorities blocked access to an estimated 65 North Korea–related sites, including the official North Korean Twitter account, launched in August 2010.
• A Chinese woman was sent to a labor camp over a satirical Twitter message,
• An Indonesian housewife faced high fines for an e-mail she sent to friends complaining about a local hospital.
• A 19-year old Tibetan was detained after looking at online photographs of the Dalai Lama.
• A Thai judge in March 2011 sentenced a web developer to 13 years in prison for comments he posted and for refusing to remove the remarks of others.
• In Thailand, at least one editor is facing criminal charges over reader comments that were critical of the monarchy.
• In Belarus, the country’s largest ISP, the state-owned Belpak, redirected users from independent media sites to nearly identical clones that provided misleading information, such as the incorrect location of a planned opposition rally.
• In Egypt, officials shut down the Internet nationwide for five days in January in an unsuccessful attempt to curb anti-government protests. The operation was accomplished within the span of one hour.
• The award for the best anti-freedom activities on the Internet was given to the Chinese government.

Among the strategies developed by the Chinese government, it is hiring people to post pro-government comments in discussion to drown dissenters and complainers. Such people even have a name, the “50 Cent Party”, the report noted.

“Recruiting advertisements for similar commentators have reportedly begun to appear on Russian job sites,” it pointed out.

“China has emerged as a major global source of cyberattacks. Although not all attacks originating in the country have been explicitly traced back to the government, their scale, organization, and chosen targets have led many experts to conclude that they are either sponsored or condoned by Chinese military and intelligence agencies.

“The assaults have included distributed denial-of-service (DDoS) attacks on domestic and overseas human rights groups, e-mail messages to foreign journalists that carry malicious software capable of spying on the recipient’s computer, and large-scale hacking raids on the information systems of over 30 financial, defense, and technology companies, most of them based in the United States.

“In addition, independent analysts have detected cyberespionage networks that extend to 103 countries as part of an effort to spy on the Tibetan government-in-exile and its foreign government contacts,” the Washington-based organization noted.

Beware of Blackhat SEO Poisoning Attacks

According to a research on blackhat SEO, an increase in search engine optimization (SEO) poisoning attacks are exploiting several recent high-profile news events. There is a warning for internet users that searching topics as the disasters in Japan, Charlie Sheen and the NCAA “March Madness” tournament should be on high alert for poisoned search engine links leading to malicious websites.

No one in the tech security world should be surprised that criminal exploitation of Twitter has commenced in earnest, Coding and social engineering techniques that spammers and malware purveyors have been refining and perfecting in the email realm over the past several years couldn’t mesh more smoothly into the world of social network messaging. And Twitter — the über popular Web 2.0 service that media companies can’t seem to hype enough — has presented cyber fraudsters with the attack vector of their dreams.

Anyone can sign up anonymously for a Twitter account and begin pushing unfiltered messages carrying tainted Web links — bad URLs — across the Internet. What’s more, Twitter has popularized the use of shortened URLs to enable users to point to Web pages in messages limited to 144 characters. It did not take cyber crooks long to discover that shortened URLs are most effective for disguising bad URLs.

Using search engines and watching videos are two of the top Internet activities that users do on a daily basis. In the threat landscape, this usually translates to threats such as blackhat SEO attacks, malicious pages crafted to look like YouTube pages, and, as we recently found out, attacks that use both blackhat SEO and malicious YouTube-like pages.

Search Engine Optimizations or SEO is basically used for improving the visibility of a website in search engines. BlackHat SEO on the other hand helps index and position fake/fraudulent websites in search engines. This is best achieved by making use of widely used topics, events, celebrity name. Actually anything that is most searched for or that is of great interest to the public.

Fight between Sony and Anonymous to intensify

The hacktivist group Anonymous is heightening it’s aggression against anyone who stands in the way of freedom to information. At the moment their target seems to be Sony. The group that recently brought down a number of Websites owned by Sony Corporation is now vowing to take ‘other ways’ to teach the company a lesson.

Sony recently sued a famed hacker George Hotz, who is popularly known as GeoHot in the security community for jailbreaking Sony PS3 gaming console. Though Sony and Hotz have reportedly reached a settlement, Anonymous is in no mood of a truce as it gears up for an in-store protest against Sony on April 16th.

Anonymous’ demands include allowing PlayStation owners to be able to modify their consoles and share content online — in essence to be able to legally jailbreak the consoles — as well as having Sony cease its legal actions against PlayStation hackers.

Anonymous is leveraging its large fan following on Twitter, Facebook, IRC, youtube and even its ‘official’ website to gather support. A part of the message that the group is promoting through these platforms reads:

On April 16th, we will take the protests against Sony to the streets. We encourage anyone who is able to come to a nearby Sony Store to support the cause, even if you are not usually involved with Anonymous. This is not just about Anonymous – this is about your rights.

The group is also urging people to make preparations before the actual protest takes place. It says that people who are interested in being a part of the protest should set up a ‘legal team’ that consists of at least 1 person that does not take part in the protest itself, who is in contact with a lawyer. Also, people are asked to make sure the phone number of the ‘legal team’ is written on your arm with something like permanent marker, to make sure they cannot lose it in a full body search – better safe than sorry.

Explaining their propaganda for launching the attacks on Sony, Anonymous wrote on its website.”Their (Sony’s) propaganda regarding jailbreaking implies that it encourages piracy and thereby makes people lose their jobs, whereas jailbreaking actually just means you are making YOUR device do what it should do. Imagine if Microsoft forced you to use Internet Explorer instead of Firefox or Chrome. Imagine if they denied users from using any other web browser than their own. Many people would obviously be pissed… but then, why aren’t you pissed at Sony?,”

Trying to win people instead of being termed as a notorious hacker group, Anonymous has claimed that it has no intention of putting gamers or end users in trouble. Its website states, “Anonymous is on your side, standing up for your rights. We are not aiming to attack customers of Sony. This attack is aimed solely at Sony, and we will try our best to not affect the gamers, as this would defeat the purpose of our actions.”

Sony hasn’t so far acknowledged the attacks by Anonymous and has termed the reason for the outages on its websites as ‘server maintenance’. So far, Anonymous seems to have an upper hand after Sony withdrew its suit against Holtz. Let’s wait and watch where this battle goes…