All the news that's fit to infect you...

Share with your network!
The Waledac botnet is trying to grow again, and the herders may have hit upon a great new twist. Waledac bots are currently sending out huge numbers of fake Reuters news articles about a bombing near the recipient's location. These emails point to a "Breaking News" website that claims to have a link to video of the story that requires you to update your Flash player (except that what they serve you is not a new Flash player, but a bot infestation). What makes this unusual is that fake news story (or, rather, the machines that host it). The infected machines serving the 'news story' webpages are also performing geolocation tests against the IPs trying to pull the page, and altering the content based on where they think that IP is located. If they can determine where you are, the 'breaking news' story that you get will be tailored to you, saying that the bombing took place in a town near you. In terms of social engineering, this goes a long way to making the content more believable. How can you protect yourself from this? To start, make sure your anti-virus signatures are up to date. Be wary of previously unknown sites - don't install software just because a website told you to. Visit the US Computer Emergency Readiness Team (US-CERT) website - they've got great papers on avoiding social engineering attacks and other email scams.