• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Cyber Crime
  • Malware
  • Cybercrime exploits the crash of Malaysia Airlines Flight MH17

Cybercrime exploits the crash of Malaysia Airlines Flight MH17

Pierluigi Paganini July 21, 2014

Security experts at TrendMicro have detected a spam campaign via Twitter which exploits the incident occurred to Malaysia Airlines Flight MH17.

Unfortunately, tragedies like the one occurred to the Malaysia Airlines Flight MH17 or the recent escalation in Gaza are excellent occasions for cyber criminals that try to exploit the public attention to carry out illegal activities.

Cyber criminals could arrange spam campaign and phishing attacks to collect victims’ personal information and serve malware.

Security experts have observed cyber attacks which are explicitly using news on the Malaysia Airlines Flight MH17 crash to deceive Internet users.  Media agencies sustain that the Boeing 777 Flight MH17 of the Malaysia Airlines,  carrying 298 individuals (including passengers and crew members), was struck by a missile launched by a mobile ground station.

Russian and Ukrainian governments are exchanging mutual accusations on the terroristic attack, public opinion is blaming pro-Russian separatist rebels sustaining that the Kremlin is helping them to destroy the clues.

Social media are flooded with news and images on the crash of Malaysia Airlines Flight MH17, cyber criminals are using social engineering techniques to spread malware tricking victims into visit compromised web site.

Experts at security firm Trend Micro have detected tweets written in the Indonesian language which spread news related to the crash of the Malaysias Airlines Flight MH17, the tweet includes the hashtag #MH17 to lure victims that search for information on the incident.

The cyber criminals behind this malicious campaign started their operations just after the crash on July 17th, one of the tweet states:

 “Malaysia Airlines has lost contact of MH17 from Amsterdam. The last known position was over Ukrainian airspace.”

The message was retwetted by hundreds of users, that in an unconscious were advantaging the scammers spreading the malicious links.

 

MH17 Malysian Airlines

 

The experts at TrendMicro discovered that the URLs used by criminals resolve to the following IPs:

  • 72[dot]8[dot]190[dot]126
  • 72[dot]8[dot]190[dot]39

The analysis revealed that the IPs belong to a shared hosting in the US, many other domains are mapped on these addresses, some of them legitimate. The experts discovered that the spam campaign related Malaysia Airlines Flight MH17 has as a primary purpose the increase of hits/page views on sites or ads managed by cyber criminals.

The malicious domains were mainly used to spread a ZeuS variant SALITY malware.

“ZeuS/ZBOT are known information stealers while PE_SALITY is a malware family of file infectors that infect .SCR and .EXE files. Once systems are infected with this file infector, it can open their systems to other malware infections thus compromising their security.” reports the blog post from TrendMicro.

Cybercriminals always exploit news on tragic events, in the past security experts have seen several scams and threats that leveraged news like the Boston marathon and 2011 tsunami/earthquake in Japan, be aware because they will continue to do this … and the crash  of the Malaysia Airlines Flight MH17 is still an excellent news to ride.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

Security Affairs –  (MH17, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Boston Cybercrime Hacking Malaysia Airlines Flight malware MH17 phishing Russia scammers Trend Micro Ukraine Zeus

you might also like

Pierluigi Paganini July 28, 2025
Scattered Spider targets VMware ESXi in using social engineering
Read more
Pierluigi Paganini July 27, 2025
Allianz Life data breach exposed the data of most of its 1.4M customers
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

    Security / July 28, 2025

    Scattered Spider targets VMware ESXi in using social engineering

    Cyber Crime / July 28, 2025

    China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

    Hacking / July 28, 2025

    Allianz Life data breach exposed the data of most of its 1.4M customers

    Data Breach / July 27, 2025

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT