Tidal Wave of Cyber Attacks
Press Releases
Friday, 02 October 2009 06:22
Despite the loss of hundreds of lives following the Indonesian earthquake last night, unscrupulous cybercriminals have wasted no time in profiteering from the disaster, warns Symantec. Knowing that people around the world will eagerly be searching the web for news of their loved ones, malware creators have quickly devised malicious software and websites designed to make money from concerned members of the public, Symantec analysis has shown.
Cybercriminals are poisoning web searches so that their fake websites are listed at the top of the page. Many of the listings which result from searches for terms such as “Western Samoa”, “Earthquake”, or “Tsunami” will link to malicious pages that then attempt to perform fake antivirus scans by offering to clean the user’s computer. Symantec warns users to be vigilant and cautious of any search results which appear not to link to trusted sources.
Hon Lau, Security Response Manager at Symantec, commented: “These types of attack are becoming increasingly prevalent online. We recently identified similar attacks following both the Serena Williams outburst and the Twitter-based attacks reported last week. The people behind these scams are constantly evolving and adapting their attacks to suit current news events. Unfortunately there is no event, no matter how heartbreaking, which a hacker will not try to profit from.”
Tweeting Misleading Applications
Another recent trend on Twitter picked up by Symantec Security Response is that cybercriminals are now using shortened URLs to distribute misleading applications. Though Twitter’s popularity is increasing, the microblogging site's character limit makes it hard to share websites with long URLs, and this is where URL-shortening utilities can help. These tools allow users to include a link well within the 140-character limit, which will redirect anyone who clicks it to the longer URL and its intended website.
There is one downside here, from a security point of view: you often have no idea where the link leads until you click it. Clicking a link like this is entirely a leap of faith as far as security is concerned, and malware authors have caught on to this. Using enticing tweets and commonly used Twitter search terms, their goal is to get other users to click on their shortened links and thus fall prey to malicious code.
Neither Twitter nor the URL-shortening services are at fault here; this is simply another case where malicious attackers use a neutral technology as a means for their deceptive ends.
As both services are convenient technologies that are catching on rapidly, how do you protect yourself? The good news is that both Firefox and Internet Explorer offer browser plug-ins that can check a shortened URL and show the final URL before the user even clicks on it. While this does not fully confirm whether the link is malicious, it will at least allow the user to look more carefully before clicking.
While the misleading applications currently being served up in this manner all look very similar today, we are likely to see more variety in the future. Users with Symantec antivirus software installed are protected as the software is able to detect and block these risks from being downloaded onto their computers.
Consumer advice:
