Posted by Virus Bulletin on Nov 3, 2006
Emails used archive function to lend authenticity.
Popular online encyclopaedia Wikipedia has been used as a vector for malware, with a spam campaign using the site's reputation and a fake security threat to lure in readers. Those who followed the chain of links found an as-yet-unidentified piece of malware at the end.
The malware was carried on a webpage hosted under the 'wikipedia-download.org' domain, unassociated with the genuine Wikipedia. A page created on the freely-editable information resource posed as a security alert and pointed to this download site, and although the page itself was quickly removed by Wikipedia's army of editors, an archived version of the page remained on their servers. It was to this page that links in the spammed mails drew readers.
The spams also spoofed Wikipedia logos, and claimed to be a warning about a new variant of W32/Blaster; they also claimed that Wikipedia had been called in by an overwhelmed Microsoft to help spread vital updates. The archived copies of the page have now been removed from Wikipedia archives, and the download site has been deactivated.
More details are available at heise Security, who promise that further details of the malware involved are on the way.