FBI issues warning about emerging Bin Laden malware

Since word broke Monday night that U.S. military forces had killed Osama Bin Laden in a raid in Pakistan, the internet has been buzzing with links to media sources purporting to have the latest emerging information on the situation. It didn’t take long, however, for internet scammers to begin exploiting the situation for their own gain.

The U.S. Federal Bureau of Investigation issued a warning on Tuesday alerting internet users that email and social networking messages claiming to contain images or video of the dead Bin Laden actually contain malicious software.

Symantec is reporting at least one type of phishing attack that poses as a CNN Mexico web page.

“The phishing site shows an auto-running Bin Laden related video in an iframe and asks the user to click on a link to download a ‘complete’ video,” says a post on Symantec’s blog. “Clicking on that link forces the download of an .exe file that is detected as Downloader.”

Security company F-Secure warned its users of spam emails containing an attachment named “Fotos_Osama_Bin_Laden.zip.” Instead of images, victims will actually have their computers infected with the “Banload” banking Trojan, which has been known to redirect payments to criminals.

U.K. security firm Sophos cautioned users about yet another scam that is spreading via Facebook. This one claims to have an “exclusive CNN video which was censored by Obama Administration due to level of violence,” but is really a javascript code that steals information and spreads to the users friends.

Unfortunately, there are so many Bin Laden scams emerging that it is difficult to warn computer users about all of them. While government reports have indicated that such images exist, none have actually been released to the public as of Wednesday afternoon. So what are computer users to do?

“The Internet Crime Complaint Center (IC3) urges computer users to not open unsolicited (spam) e-mails, including clicking links contained within those messages,” the FBI warning states. “Even if the sender is familiar, the public should exercise due diligence. Computer owners must ensure they have up-to-date firewall and anti-virus software running on their machines to detect and deflect malicious software.”

I have at least one Facebook friend so far who has been taken in by one of these scams. If you’re not sure whether a message being sent to you is real, I recommend erring on the side of caution and leaving it alone.