Scammers Use Wikipedia To Distribute Virus

If Web 2.0 is built on trust, that may also be its downfall.

Hackers entered a Web page into the German edition of Wikipedia that claimed there was a new variant of the Blaster virus floating around and provided a link to a download to remove the virus.

The problem was, the supposed virus remover was the virus.

The hackers then spammed German computer users, pretending to be from Wikipedia, and directed them to the bogus page about the “new worm.” Fortunately, antivirus vendor Sophos caught the email and alerted Wikipedia about the bogus page. The page was quickly taken down.

The inherent nature of Wikipedia – an online encyclopedia that anyone can add to or edit – makes things easy for this kind of opportunistic criminal. “This was another strong social engineering opportunity,” Gregg Mastoras, vice president of marketing at Sophos, told

Sophos has documented the incident on its home page. Mastoras said this kind of social engineering – a more polite way of saying ‘scamming’ or ‘bs’ing’ unsuspecting people – is likely happening not just in Wikipedia, but in all Web 2.0 projects.

“The more open these Web networks are, you gotta be careful about what you are downloading and that you have the appropriate security to take care of it if it does happen,” he said.

Wikipedia founder Jimmy Wales was not available for comment.

One analyst said he saw it coming. “I’ve been warning about that, but I didn’t think about it happening on Wikipedia,” said Peter Firstbrook, research director for information security and privacy at Gartner.

“We’ve seen these things on MySpace, where they try to social engineer users into downloading a bot or a backdoor. It’s difficult to use malware blockers on these sites because it’s a mix of good and bad.”

Mastoras said this shows a change in strategy by virus writers. “This is another example of how the Web is becoming more of a threat vector than email. Virus writers are writing things that are on Web sites that they trick you into downloading.”

Firstbrook said sites like Wikipedia and MySpace are going to have to adopt security measures similar to Web-based email providers Google, Microsoft and Yahoo. Gmail, Hotmail and Yahoo Mail all scan attachments as they are uploaded, and again when the recipient opens them.

“The wikis and MySpaces of the world will have to start intercepting uploads and start scanning them for malware, and that’s not easy to do,” said Firstbrook. “Scammers can just make a variant on an existing virus and the scanners will probably miss it since they are so lousy at [catching unknown viruses] anyway.”
