Yes, it’s true. The rock ’n’ roll icon Paul McCartney had his website hacked. (This attack isn’t necessarily originating in Russia, but I couldn’t refuse the obvious opportunity.)
It’s amazing how certain hackings follow the news. It was just a couple of days ago when I was watching the news on TV (yes, that old, outdated media) and learned that Paul McCartney and Ringo Starr were going to get back together for a “reunion” tour.
The website hacking could have been purely coincidental, as the toolkit planted on his website, Luckysploit, has been used in many, many recent website malware distributions. It could be that the cybercriminals behind this exploit just happened to find this site vulnerable to their recent attack. I believe it’s irrelevant how or why; their timing was impeccable.
This is another example of social engineering used successfully to infect more computers.
Think of the millions of Beatles fans (my father-in-law is one of them – a fan, not a virus victim) hearing about this reunion and flocking to Mr. McCartney’s website to find out where the concerts will be performed, only to find out at the next anti-virus scan that they’ve been compromised by a virus that steals bank logins and passwords.
The nerve of these hackers. Using something so “in the news” to lure millions of people to infectious websites that have been planted with malicious code, appearing to be legitimate websites, for the sole purpose of delivering a virus that is currently evading detection by many anti-virus programs.
Is there no shame?
This attack is being carried out by the Zeus botnet. Yes, while everyone was watching out for Conficker, many forgot about the other botnets out there.
It’s easy to spot the infectious malware code in the “source” of the web page. All you have to do is look for something that’s impossible to read because it is encrypted and obfuscated to avoid easy detection. Luckily for us, we don’t look for specific infections while scanning websites. Our systems are based on any changes to a website. We pay close attention to changes that include specific keywords, but our alert system is based on any changes made to a website.
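The change-based approach described above, as an added example rather than WeWatchYourWebsite's actual system: any difference from a stored baseline raises an alert, and added lines that contain watched keywords or long runs of escaped bytes raise its severity. The keyword list, the escaped-run heuristic and the sample pages are assumptions constructed for illustration.

```python
import difflib
import re

# Assumed watch-list: the post says keywords are tracked but does not name them.
KEYWORDS = ("eval(", "unescape(", "document.write", "fromcharcode", "<iframe")
# Assumed heuristic for "impossible to read": 10+ consecutive %XX or \xXX escapes.
ESCAPED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){10,}")

# Constructed sample pages; the encoded string decodes to "<div>sample</div>".
BASELINE = """<html><body>
<h1>Official site</h1>
<p>Tour dates announced soon.</p>
</body></html>"""
EDITED = BASELINE.replace("announced soon.", "are on the schedule page.")
TAMPERED = BASELINE.replace(
    "</body>",
    '<script>document.write(unescape("%3C%64%69%76%3E%73%61%6D%70%6C%65'
    '%3C%2F%64%69%76%3E"))</script>\n</body>',
)

def added_lines(baseline, current):
    """Return the lines that appear in current but not in baseline."""
    diff = difflib.ndiff(baseline.splitlines(), current.splitlines())
    return [d[2:] for d in diff if d.startswith("+ ")]

def review_change(baseline, current):
    """Alert on any change; escalate when added lines look like injected script."""
    if baseline == current:
        return {"changed": False, "severity": "none", "findings": []}
    findings = []
    for line in added_lines(baseline, current):
        hits = [k for k in KEYWORDS if k in line.lower()]
        if ESCAPED_RUN.search(line):
            hits.append("escaped-run")
        if hits:
            findings.append({"line": line.strip()[:70], "hits": hits})
    severity = "high" if findings else "review"
    return {"changed": True, "severity": severity, "findings": findings}

if __name__ == "__main__":
    for name, page in (("same", BASELINE), ("edited", EDITED), ("tampered", TAMPERED)):
        print(name, review_change(BASELINE, page))
```

An ordinary content edit still produces a "review" alert, which matches the post's point that the alert fires on any change and the keywords only prioritise it.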
Once again, the cybercriminals use a popular event to spread their malware. This particular infection will steal banking credentials, which are then sold on the open black market. This is one of the cybercriminals’ profit centers. They have many.
Be careful when using the Internet; you never know if you’re getting more than you bargained for.
Other Beatles songs that come to mind, with my subtitles:
“Do You Want to Know a Secret” (about my malware)
“Don’t Ever Change” (my website)
“Don’t Let Me Down” (please click on this infectious link)
“Eight Days a Week” (and I’ll infect you every one of them)
“Everybody’s Got Something to Hide Except Me and My Monkey” (okay maybe my monkey has some malware to hide too)
“Fixing a Hole” (in your website)
“Free as a Bird” (free as in free malware)
“From Me to You” (more malware from me to you)
“Get Back” (to where you can get infected)
“Got To Get You Into My Life” (so I can hack you some more)
“Help!” (I need the services of WeWatchYourWebsite)
“I Am the Walrus” (I live in Belarus) (okay, you find something that goes with Walrus)
I could go on, but the Beatles wrote a lot of songs and I need to save server space.
Let’s be careful out there…