Human Tragedy: Potent Vector for Malware Transmission

The Case of the Air France Crash

As the story below demonstrates, any item that generates a lot of international news headlines is likely to be exploited by global criminal networks.  Whether it is the unexpected death of Michael Jackson or a tragic tsunami, earthquake or volcano, scammers are using the public’s interest as a weapon to commit cyber crime and fraud.

According to SC Magazine, another recent example involved the suspected crash and disappearance of Air France flight 447 on May 31, 2009 while en route from Rio de Janeiro to Paris.  As expected, spammers and malware writers tried to cash in on the Air France disaster.

Spammers began falsely promising news on the Air France crash as a way of tricking recipients into opening messages promoting Canadian pharmacy products.

Junk mailers even began pushing a new campaign that included subject headings such as “Last seconds of plane” or “A-330 blackbox record” as a means of enticing users into opening the emails. If they did, users were met with messages pushing discounted drugs, such as Viagra and Tamiflu.

“As usual, these spammers are disrespectful and do not hesitate to use the most shocking events to promote their shady businesses,” Francois Paget, a McAfee senior virus research engineer, wrote Thursday on the Avert Labs blog.

Not all of the emails exploiting the Air France tragedy were as benign. Websense researchers said Thursday that they have detected a Portuguese spam campaign claiming to include links to videos from the crash site, but the links actually lead to a trojan downloader.  Spamfighter.com noted that when the user clicked on the video link, the installation of an executable file known as Video_AirFrance_447.com started. This file then planted password-stealing Trojans, such as a variant of Win32/Spy.Banker.QRP, Trojan-Banker.Win32.Agent!IK and Trojan-Banker.Win32.Agent, on the infected system.

The use and inclusion of offensive trojans in these campaigns represents a significant step forward for criminals (or a new low, as the case may be).  Sending spam commercial solicitations in the wake of a disaster is one thing, but literally spreading malware is quite another.  It is also a crime in many jurisdictions.  While it will be difficult to prevent these types of incidents from occurring in the future, a well-educated public may be the best hope for preventing legions of unwitting individuals from being victimized by these offenses moving forward.  For the time being, however, cyber criminals will continue to exploit tragic events as a means of furthering their transnational criminal enterprises.