MH17 related discussions are being hashjacked The tragedy that is Malaysia Airlines Flight 17 has sparked plenty of outrage, grief, and dismay on Twitter. Discussions related to recent developments and breaking news have been going non-stop since the plane was shot down by pro-Russian rebels on Thursday.Seeing an opportunity, criminals have targeted those discussions in order to spread malware.The method is called hashjacking, which is a term used to describe the act of leveraging a trending hashtag in order to spread your own message. In this case, while people are using #MH17 to discuss the tragedy and current developments, criminals are using it to spread malicious URLs. As seen in the image above, the account is directing people to a *.tk domain, and using the #MH17 hashtag in order to get as many eyes on the URL as possible.This example is just one of several that have targeted the MH17 story, and at present, nearly 500 messages pointing to malicious URLs have been posted. For now, the links point to one of two possible servers, both hosted on IPs in the US. The domains that are connected to them are a mix of malicious and legitimate. Researchers at Trend Micro speculate that the traffic to the legitimate domains is being used to spike traffic and garner ad views.“On the other hand, the malicious domains associated with these IPs, are connected to a ZeuS variant detected as TSPY_ZBOT.VUH and SALITY malware. ZeuS/ZBOT are known information stealers while PE_SALITY is a malware family of file infectors that infect .SCR and .EXE files. Once systems are infected with this file infector, it can open their systems to other malware infections thus compromising their security,” a blog post on the attacks explains.Online, criminals are known for targeting current events for nefarious reasons. Social media has extended their reach, whereas before they would use Black Hat SEO techniques and poison search results to conduct their schemes.The MH17 tragedy is just the most recent example. Previously, in recent times, criminals targeted the Flight 370 disappearance, and the Boston bombings.For now, the best source of information is going to be the BBC, or other international news source. It’s best to avoid links that use *.tk as the URL’s extension. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe