Hackers use bin Laden’s death as lure for the unwary

Computer hackers are disseminating spam, viruses and malicious software designed to ensnare the unwary with bogus videos, photos or other digital data about the killing of Osama bin Laden.

The first instances appeared late Sunday within hours of the breaking news, according to a leading computer security firm. Almost all of it had one goal — to direct Internet users to websites that hijack computers to steal passwords or generate more spam advertising.

“Fake links to files purporting to be video of the killing popped up on Facebook in a number of different languages, including English, Spanish and Portuguese,” said Dennis Fisher, a security expert for Kaspersky Lab.

Fake links also were spread via Twitter, which said that users were posting more than 5,000 messages every second at the news event’s peak late Sunday EDT. The links generally promise photos or video of the killing.

Malicious links and software also were spread by e-mail, according to other security experts.

Users who visited the Facebook page purportedly carrying video of bin Laden being shot by Navy SEALs had to click on the video and agree to download special software to view it in order for their computer to become infected.

But malicious Web pages on other, less secure sites can infect the computer of any user who arrives at the page because of flaws in some widely used software packages.

Most of these flaws have been detected and fixed, but many computer users have not updated their software and remain vulnerable. Users are driven to such “crimeware” pages by links in spam email and by a special hackers’ technique known as malicious, or “black hat,” search engine optimization (SEO).

In its “white hat,” or commercially acceptable, manifestation, SEO seeks to get a given Web page the best possible ranking in any search done by Web users.

Search engines such as Google and Bing use special mathematical formulas called algorithms to work out which pages are the most relevant or popular and move them up in the rankings.

SEO techniques seek to maximize the credit that search engine algorithms give to Web pages for things such as links from other sites and keywords.

“Black hat” SEO uses fake links from other malicious or useless sites and pages of nonsense text containing repeated instances of keywords to trick search engines into listing the crimeware pages high in search rankings, increasing the chance that a user unknowingly will click on it.