Beware of Breaking News
Malware writers and people who make money off the distribution of malware have always had one tricky element to their operation – getting the user to act in such a way which gets him/her infected.
Throughout the years one approach used by such malicious people has always been to exploit breaking news. In some cases they don’t even bother waiting for big news which they can exploit, but instead create fake news stories so as to get the desired effect.
People are curious by nature and exploiting breaking news is the method used to that element of human nature and victimize their target. The process is very simple; get a piece of popular news such as the killing of Osama Bin Laden and then offer something related to the news which isn’t commonly available, such as, in this case, alleged footage or pictures of the killing itself. Curious people will flock to such an offering falling into the malware trap.
Once victims succumb to their curiosity and try to access this footage the website will claim that it requires some plug in, in order to be able to play this footage and at that point it is very likely that the person eager to watch this video will not stop and think about the dangers of installing such a plug in, in fact, they’re likely to accept anything asked of them so that they can finally get to their ‘prize’.
It’s even worse when such an occurrence happens at work. The victims are less likely to worry about the consequences of their actions and are instead likely to focus on getting to the content as quickly as possible in order not to appear too unproductive.
There are various ways in which a business can protect itself against such events. Web monitoring, antivirus solutions and keeping their systems up-to-date in terms of patch management is an essential part of such a strategy. Users should also be aware of the potential dangers and how news is sometimes exploited for the purpose of spreading malware.
Furthermore, if major news organizations do not have a particular piece of the news while an obscure site that no one has heard about does, it’s a pretty clear indication that what they’re offering is in fact fake and thus should be avoided for safety reasons.
Web monitoring will also help by stopping users who fall for such scams and try to access fake news from disreputable sites. Some of these sites might try to exploit vulnerabilities in the web browser in order to install their malware. In these cases, having an up-to-date system can ensure this attack does not succeed if everything else fails.
At the end of the day curiosity is not the issue here, after all humanity wouldn’t be here today if we weren’t curious by nature; however, that is no excuse to ignore fundamental security practices. Just as you should never install software they you didn’t request (especially when coming from a source that isn’t highly trusted), it doesn’t suddenly become an acceptable practice to do so just because it promises access to breaking news.
This has as much to do with general curiosity as it does with having to be the first to know. There’s so much at stake for social networkers to get something out before the rest of their feed that people have this attitude of amateur journalists hanging outside the courtroom for “the big scoop.”
At the end of the day, obviously, your security is far more important than vanity. And it’s much easier to spot spam links once they hit Facebook or Twitter. Be patient and see how the story plays out. If the information is valid, it won’t be long before it’s posted on every site and news network.
Most people who fall for this type of exploit are the Generations W and X (or the old people aka the Baby Boomers). We can also include in this group those who don’t have any knowledge about how the Internet and Internet security works.
My point is, web monitoring software, antivirus solutions, and up-to-date systems are not enough. People should know beforehand. That’s why this article and all other info-based contents are good. They help spread useful information.
Thanks for your kind words Elaine, and you’re absolutely right. Security software is important but it is meant as a second line of defense. First line is the user, ideally threats should be avoided and one should not just rely on the Anti virus to protect him/her should s/he ever come face to face with malware or an exploit.