Malaysia Airlines MH370 News used as hook by scammers

Criminals are hijacking the news cycle surrounding Malaysia Airlines Flight 370, using it to promote scam surveys and steal personal information via malware.

Researchers at Trend Micro have been tracking a series of scams that originated on Facebook and through email, which use the tragedy and mystery surrounding Flight MH370 as a hook.

Flight MH370 is the Malaysia Airlines Boeing 777 that went missing earlier this month. Investigators are still looking for clues, and the investigation has taken several twists and turns, fueling the public's craving for information.

"As more countries join in the search for the missing Malaysia Airlines Flight 370, we are seeing cybercriminals use this highly talked-about topic to unleash different online threats," commented Rika Joi Gregorio on the TrendLabs blog.

One of the scams centers on a fake video and is thought to have originated via email. According to the email, the video is a five-minute clip about the flight, offering new information. However, users who attempt to access the attachment are infected with a generic Trojan, which opens a backdoor onto their systems.

As is the case with all such malware, the attacker is granted full remote access to the compromised system, including the ability to run programs, download files, and collect data. However, this Trojan is different.

"There is one unusual aspect to this backdoor. Its command-and-control (C&C) server at www-dpmc-dynssl-com (replace dashes with dots) was noted by other security researchers in October of last year as being related to a targeted attack.

It is unusual for a targeted attack to share the same infrastructure as a more 'conventional' cybercrime campaign, yet that appears to be the case here. We currently have no information that this particular backdoor is being used in targeted attacks."

Details on the aforementioned targeted attack are available via FireEye.

On Facebook, the mystery of Flight MH370 is being used to promote junk surveys, which do nothing but make the scammer money, and place personal information at risk. A similar scam mimics YouTube, promising additional videos and news.

"Current events and news updates have become go-to social engineering bait of cybercriminals. This has become an unfortunately frequent occurrence – events like the Tohoku earthquake, Boston marathon and Typhoon Haiyan were all abused to spread various threats."
