Korean cross-border attacks exploited to spread malware

The recent cross-border shellings between North and South Korea have left many people wondering what has been going on and what triggered the attacks, and scareware and malware pushers have been very prompt at poisoning related search results.

Search combinations such as “north korea bombs/attacks south korea”, “kim jong il”, “korean war”, “world war 3”, “yeonpyeong island” and “korean news” have been producing results that take users to pages where warnings about infection on their computers are shown and the users are offered to download rogue antivirus solutions, to pages that attempt to hijack their browser through JavaScript or pages that offer Trojans disguised as codecs and bogus updates for Mozilla’s Firefox.

The Tech Herald reports that all of the offending compromised domains are using open source CMS software which was not updated and, consequently, vulnerable to attack. They also noted that topics related to Black Friday, Bristol Palin, Dancing with the Stars, and others have been targeted by the same black hat SEO campaign.