Cybercrims exploit missing flight MH370 concerns


Thursday, 20 March, 2014


Cybercriminals are using the mystery surrounding missing Malaysia Airlines Flight 370 as a way to infect unsuspecting internet users with malware.

That’s according to a blog post by Trend Micro Threat Response Engineer Rika Joi Gregorio.

One scheme involves a fake video about the flight which Trend Micro believes is spreading via email.

“The video is supposedly a five-minute clip about MH70 named Malaysian Airlines MH370 5m Video.exe. In reality, it is a backdoor detected as BKDR_OTOPROXY.WR,” Gregorio wrote.

“As is the case with most backdoors, this malware allows a remote attacker to execute various commands on the system, including downloading and running files from its servers and collecting various system information.”

Gregorio noted something unusual about the backdoor.

“Its command-and-control (C&C) server at www-dpmc-dynssl-com (replace dashes with dots) was noted by other security researchers in October of last year as being related to a targeted attack. It is unusual for a targeted attack to share the same infrastructure as a more ‘conventional’ cybercrime campaign, yet that appears to be the case here. We currently have no information that this particular backdoor is being used in targeted attacks,” the engineer wrote.

Cybercriminals are also using survey scams based around the missing flight, some of which include a fake Facebook replica, a fake YouTube and a fake video of the missing plane.

Trend Micro advises users to rely on “reputable and trusted news sites” for information on current events, rather than on emails or social networking sites.
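The two indicators reported above, an executable attachment named like a video and the dash-defanged C&C host name, can be checked for on the defender's side. The following is an added example, not code from Trend Micro or from this article; the function names, the extension list, the media-word pattern, and the sample mail and DNS log lines are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Extensions Windows runs on double-click (short, non-exhaustive list).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Words or inner extensions that make a file name claim to be media.
MEDIA_HINT = re.compile(r"\b(video|clip|movie|photo)\b|\.(mp4|avi|mov|jpg)\.", re.I)
# Indicator exactly as the article prints it (dashes stand in for dots).
DEFANGED_C2 = ["www-dpmc-dynssl-com"]

def refang(indicator):
    """Undo the article's dash-for-dot defanging (only valid for that scheme)."""
    return indicator.replace("-", ".").lower()

def suspicious_attachments(msg):
    """Names of attachments that are executables posing as media files."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXT and MEDIA_HINT.search(name):
            hits.append(name)
    return hits

def dns_hits(log_lines, defanged=DEFANGED_C2):
    """Log lines whose queried name equals, or is a subdomain of, an indicator."""
    bad = {refang(i) for i in defanged}
    hits = []
    for line in log_lines:
        qname = line.split()[-1].rstrip(".").lower()
        if any(qname == b or qname.endswith("." + b) for b in bad):
            hits.append(line)
    return hits

def build_sample_message():
    """Constructed test mail: one lure attachment, one harmless one."""
    msg = EmailMessage()
    msg.set_content("See the attached clip.")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="Malaysian Airlines MH370 5m Video.exe")
    msg.add_attachment(b"%PDF", maintype="application", subtype="pdf",
                       filename="itinerary.pdf")
    return msg

# Constructed resolver log lines; the queried name is the last field.
SAMPLE_DNS = [
    "2014-03-20T09:14:02 10.0.0.5 A " + refang(DEFANGED_C2[0]) + ".",
    "2014-03-20T09:14:07 10.0.0.8 A www.example.org.",
]
```

Calling `suspicious_attachments(build_sample_message())` flags only the `.exe` lure, and `dns_hits(SAMPLE_DNS)` returns only the line that queries the reported host.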


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd