
Virus spread through Wikipedia
Hackers have found another channel for spreading viruses: Wikipedia. The scheme is extremely simple: in an article about a particular virus, they place a link to a fictitious "treatment" tool. Many people tend to trust Wikipedia, which makes them easy victims for intruders.
Such activity was first seen on the German Wikipedia. On the page describing the Blaster worm (Lovesan), a link was posted to a patch that supposedly removed the infection. In fact, malware was being distributed under the guise of a patch.
Wikipedia is vulnerable to this kind of attack because the project is open: anyone can edit any article and place any link in it. The community has more or less learned to cope with ordinary text vandalism, but new, more sophisticated forms of vandalism still get through quite easily. For example, the first case of long-term vandalism recently came to light, in which a pseudoscientific article stayed on Wikipedia for about a year. Now another kind has been discovered: link vandalism.
In both cases the vandalism is not obvious at first glance, so identifying and correcting it can take considerable time.
In the case of the fake Blaster patch, the malicious link was detected quickly and removed from the text of the article. However, the link remained in the revision archive, which is standard functionality in any wiki engine. Here the attackers used a non-standard method: they sent spam inviting recipients to visit this archived Wikipedia page (the average user cannot distinguish an archived version from the current one). The emails looked as if they had been sent on behalf of Wikipedia, and the link was in bold (spam screenshot). Naturally, the spam aroused suspicion, and Wikipedia administrators quickly took action and deleted the archived page from the site. However, the attackers succeeded: they seem to have managed to infect several people and thus proved the viability of the new method.
By using the good name of Wikipedia (the most popular source of information in the world today), the attackers managed to deceive both anti-spam filters and user trust.
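A mail filter can separate links to an archived revision from links to the current article, which is the distinction the spam above relied on users missing. The following is an added example, not code from the original article: it assumes MediaWiki's `oldid` and `diff` query parameters and the `Special:PermanentLink` and `Special:Diff` pages, and the function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# MediaWiki addresses a stored (non-current) revision with these query
# parameters or with these path-based special pages.
REVISION_PARAMS = {"oldid", "diff"}
REVISION_PATHS = ("special:permanentlink/", "special:diff/")
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def is_wikipedia_host(host):
    """True only for wikipedia.org and its subdomains, not look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == "wikipedia.org" or host.endswith(".wikipedia.org")


def classify_link(url):
    """Return 'revision', 'current' or 'not-wikipedia' for one URL."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return "not-wikipedia"
    if not is_wikipedia_host(host):
        return "not-wikipedia"
    params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    path = unquote(parts.path).lower()
    if params & REVISION_PARAMS or any(p in path for p in REVISION_PATHS):
        return "revision"
    return "current"


def revision_links(message_text):
    """List the links in a message that open an old Wikipedia revision."""
    urls = (u.rstrip(".,;:!?") for u in URL_RE.findall(message_text))
    return [u for u in urls if classify_link(u) == "revision"]


# Constructed sample message; the article title and revision id are made up.
SAMPLE_MESSAGE = """\
Wikipedia notice: install the fix described here:
https://de.wikipedia.org/w/index.php?title=Beispielartikel&oldid=1234567
Current article: https://de.wikipedia.org/wiki/Beispielartikel.
Look-alike host: http://de.wikipedia.org.example.net/w/index.php?oldid=1
"""

if __name__ == "__main__":
    for link in revision_links(SAMPLE_MESSAGE):
        print("old-revision link:", link)
```

A hit is a reason to quarantine or annotate the message rather than proof of abuse, since permanent links to old revisions are also used legitimately for citation.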