Sunday, 28. August 2016

WikiLeaks malware causes problems for unsuspecting users

WikiLeaks has published more than 80 strains of malware. When WikiLeaks founder Julian Assange created his organization in 2006, he leaked thousands of documents that alleged government misconduct. It caused a storm of controversy worldwide, and as the years have passed and the cache of sensitive documents has grown, more people are paying attention to the internet sensation that is WikiLeaks.

However, the massive popularity of the WikiLeaks documents is now working to its users' detriment.

What's wrong with WikiLeaks? Gizmodo contributor Michael Nunez reported in mid-August that the organization had published more than 80 strains of malware in its most recent email dump, which came from Turkey's ruling Justice and Development Party (AKP). The problem was discovered by cyber security expert Vesselin Bontchev, an assistant professor at the National Laboratory of Computer Virology of the Bulgarian Academy of Sciences. The situation is dangerous because practically anyone browsing the WikiLeaks library could click on a harmful link without knowing it.

"If you click on it now you'll just download a 101-byte text file (despite the 'exe' extension) which says: this file originally was part of AKP-emails release, but had to be disabled because it was a virus," Bontchev said, according to iTnews contributor Juha Saarinen. "I discovered that there are 3277 additional links still pointing directly to malware. That is, click on a link, malware gets downloaded to your PC."

According to ZDNet contributor Charlie Osborne, there are hundreds of such files and thousands of links leading to malware. The malware hosted on the WikiLeaks site includes trojans, Windows exploits and Java-based malicious code, all sitting on the servers waiting for an unknowing user to come along and click them. Bontchev noted that most of the malware arrived as attachments to spam and phishing emails.

How did something like this happen? A simple virus or malware scan would have weeded out any emails carrying potentially unwanted programs, but it seems that no such scan took place. The AKP received spam emails containing malware, and those emails were uploaded to the WikiLeaks cache without any filtering.

"WikiLeaks is a valuable resource for many, including journalists and activists, but perhaps including a simple warning or launching a malware check before mass-uploading such documents would be worth implementing," Osborne wrote.
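The pre-publication check Osborne suggests, as an added example that is not WikiLeaks' code nor any researcher's: it classifies each attachment by magic bytes and by extension (so a Windows executable renamed to .pdf is still caught) and replaces flagged files with a text placeholder, in the same spirit as the disabled 'exe' files Bontchev describes. The sample attachments, the extension list and the placeholder wording are constructed for this example.

```python
import os

# Magic bytes that identify executable content whatever the declared extension.
EXECUTABLE_MAGIC = {
    b"MZ": "windows-pe",             # .exe/.dll/.scr
    b"\x7fELF": "elf",
    b"PK\x03\x04": "zip-container",  # .jar and macro-enabled Office files are zip containers
}

# Extensions Windows runs on double-click (constructed, non-exhaustive list).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".hta",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".jar",
}

# Placeholder text served instead of a flagged file (constructed wording).
PLACEHOLDER = (
    "This file was part of the release but has been disabled by the "
    "pre-publication scan because it was detected as executable content.\n"
)

def classify(name, data):
    """Return a reason string if the attachment should be disabled, else None."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return f"magic:{kind}"
    ext = os.path.splitext(name.lower())[1]
    if ext in EXECUTABLE_EXTENSIONS:
        return f"extension:{ext}"
    return None

def triage(attachments):
    """Scan a {name: bytes} mapping; return (files to publish, {name: reason})."""
    published, report = {}, {}
    for name, data in attachments.items():
        reason = classify(name, data)
        if reason is None:
            published[name] = data
        else:
            published[name] = PLACEHOLDER.encode()  # keep the entry, drop the payload
            report[name] = reason
    return published, report

# Constructed sample attachments standing in for files extracted from a mail dump.
SAMPLE = {
    "invoice.pdf": b"%PDF-1.4 sample document",
    "attachment.exe": b"MZ\x90\x00" + b"\x00" * 16,  # PE header under an .exe name
    "report.pdf": b"MZ\x90\x00" + b"\x00" * 16,      # PE bytes hiding behind a .pdf name
    "update.js": b"var a = 1;",                      # script caught by extension
}
```

Running `triage(SAMPLE)` publishes only `invoice.pdf` unchanged and reports the other three with the reason each was disabled.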

Another frightening aspect of this situation is that Bontchev's report is by no means exhaustive – it combed through only a very small portion of the massive amount of information on the WikiLeaks servers. There could very well be links to more malicious programs that might infect users' computers worldwide.

Malware problems continue

This isn't the first time WikiLeaks has been associated with malware. According to a 2010 report by Trend Micro researchers, WikiLeaks-related spam emails were being sent to unsuspecting users. The emails carried provocative subject lines such as "IRAN Nuclear BOMB" to entice users to open them, which led people to pages that looked like WikiLeaks sites and to unintentionally download malware onto their computers.

What's more, also in 2010 Trend Micro Senior Threat Researcher Feike Hacquebord wrote that the main domain for WikiLeaks redirected to one registered by a "bulletproof, blackhat-hosting provider in Russia that is a safe haven for criminals and fraudsters." This didn't exactly bode well for WikiLeaks itself, and it doesn't look like the organization has implemented many new cyber security protocols.

Hackers' eagerness to capitalize on the popularity of WikiLeaks shows the lengths these malicious actors will go to in order to get into the systems of internet users. Their fear-mongering, though not especially sophisticated, appears to have worked on the people who opened the spam emails expecting to read about Iran having nuclear weapons.

The recent WikiLeaks malware issues were preceded by incidents as far back as 2010, demonstrating that organizations and consumers alike need to be careful about the links they click online. In addition, it's critical to make sure your networks and endpoints are protected by cyber security software in case one of these strains of malware tries to infiltrate your system.