We got Osama bin Laden so that malware alarmists can get you
In the light of [NAME OF NEWS EVENT] we are cautioning users to beware of Internet scams and other abuse. Be on the lookout for Facebook messages related to [NAME OF NEWS EVENT], scrutinize search engine results related to [NAME OF NEWS EVENT] and look out for new domain names using [NAME OF NEWS EVENT] to attract your attention.
Oops, sorry folks! I filed my template without filling it in first. My bad.
Just about any news event brings with it warnings like the one above from the security industry to people like me who pass them on to people like you. In the wake of the snuffing of Osama bin Laden we got a full-scale assault of such warnings, but I've always thought there's no need for news to get involved. To me it's like "Watch out for drunk drivers on new years eve."
Mind you, there are some pretty nasty attacks hunting for suckers out there, especially on Facebook, using the hook "See the Osama bin Laden EXECUTION Video!". Details available here from Dancho Danchev at ZDNet and here from ISC SANS. This one's a variation on a new attack I recently wrote about where you are asked to copy a scrap of Javascript and paste it into your browser address bar in order to "watch the video." You really have to be fresh off the apple truck to fall for this one, but Dancho says that (as of this morning) "there are currently over 4.266 users at the scam site." I'm not sure if that's actually a big number or not.
We had similar warnings for scams and malware for the royal wedding, on the Japanese earthquake, even just for Christmas. Every major election, every major sporting event, every natural or man-made disaster is a reason. Security firms could write the press releases months in advance using templates like the one I put up top. They could have an actual editorial calendar and sell ads. The scammers probably work the same; they know the World Series is coming in October; why not develop their attacks in advance?
I have a hard time believing that warnings do a wole lot to save people who don't see these attacks for what they are right off. The fact that nothing will ever substitute for such common sense is the best reason to believe that we'll never be rid of such attacks.
Larry Seltzer is a freelance writer and consultant, dealing mostly with security matters. He has written recently for Infoworld, eWEEK, Dr. Dobb's Journal, and is a Contibuting Editor at PC Magazine and author of their Security Watch blog. He has also written for Symantec Authentication (formerly VeriSign) and Lumension's Intelligent Whitelisting site.