Emails used archive function to lend authenticity.
Popular online encyclopaedia Wikipedia has been used as a vector for malware, with a spam campaign using the site’s reputation and a fake security threat to lure in readers. Those who followed the chain of links found an as-yet-unidentified piece of malware at the end.
The malware was carried on a webpage hosted under the ‘wikipedia-download.org’ domain, unassociated with the genuine Wikipedia. A page created on the freely-editable information resource posed as a security alert and pointed to this download site, and although the page itself was quickly removed by Wikipedia’s army of editors, an archived version of the page remained on their servers. It was to this page that links in the spammed mails drew readers.
The spam messages also spoofed Wikipedia logos, and claimed to be a warning about a new variant of W32/Blaster; they also claimed that Wikipedia had been called in by an overwhelmed Microsoft to help spread vital updates. The archived copies of the page have now been removed from Wikipedia archives, and the download site has been deactivated.
More details are available at heise Security, who promise further details of the malware involved are on the way.
Posted on 03 November 2006 by Virus Bulletin