Tuesday, November 07, 2006

Wikipedia under attack

The virus writers created a page on the German Wikipedia that linked to a fake fix for a new version of an old malicious Windows worm.
But instead of curing a bug, those installing the fix would be infected by a new Windows virus.
The booby-trapped page on the German version of the online encyclopaedia has now been removed.

Cleaning up

"The very openness of websites like Wikipedia - which allow anyone to edit pages - makes them terrific, but can also make them less trustworthy," said Graham Cluley, senior technology consultant for Sophos. "In this case, the article in question wasn't just misleading, it was downright malicious."

The page hijacked by the virus creators was about a new variant of the Windows Blaster worm. This malicious program debuted in 2003 and caught out many PC users.

Included on the page was a link to a supposed patch that, once downloaded and installed, would protect against this new version. However, anyone installing this on a Windows machine would infect themselves with a virus.

The malicious hackers behind the fake article then sent out a German-language spam e-mail with a message crafted to look like it came from Wikipedia. The message directed people to the booby-trapped page and the fake fix.

By piggy-backing on the good name of Wikipedia, the message got past e-mail filters that would otherwise have cleaned it up.

It is not thought that many people fell victim to the booby-trapped page or downloaded the dangerous file.

"The good news is that the authorities at Wikipedia quickly identified and edited the article on their site," said Mr Cluley.

Archived versions of the booby-trapped pages have also been deleted.
