WikiLeaks’ Exposed Stratfor Trove Maligned with Malware

A system administrator Josh Wieder who recently visited WikiLeaks discovered malware laced into documents of the publicly exposed Stratfor, stated techworm.net dated July 19, 2015.

Austin, Texas (US) situated American think tank, Stratfor that handles security issues, during late 2011, became victim of a hack by Jeremy Hammond. Hammond the hacker forwarded the e-mail archive of the company to WikiLeaks during early the next year. WikiLeaks, as it handles any other leaked file coming into its grip, publicized the dump.

Wieder scanned all the 5m electronic mails dumped together just for discovering malicious software inside most of the files.

In a blog post, Wieder described the data as truly enormous, more than 5.5m e-mails. The dump was probably so enormous that 2-yrs weren't enough for accurately examining as well as cleansing the documents before they were wholly published during 2014 (from the year 2012 when WL received them). Techworm.net published this, July 19, 2015.

Further as per Wieder, plentiful malware got illegally included as PE/OLE files else VBScript macros. It was probable that more contaminated documents were hanging about inside WikiLeaks' dump of unfiltered folders. The Register reported this, July 17, 2015.

As an instance of the above, the February 2011 dated internal memo regarding Libya's conflict-torn regions of Tripolitania and Cyrenaica had an attached Word file, which indicated presence of malware when examined with VirusTotal, as there was one code-execution attack code inside it for the CVE-2010-3333 vulnerability in Mac and Windows (Microsoft Office).

Wieder has prepared one catalog of Stratfor electronic mails that carry the malware described.

He says he discovered eighteen active malware strains inside the e-mail dump, the majority of which had Word, Excel or PDF files implanted. One malware strain had been created for plucking user registration details from applications. These were addresses and names that were then sent over the Internet onto a remote system.

The Sysadmin further states he has been asking the whistle blowing WikiLeaks site for getting the database sanitized. According to him, no reputable news website would be expected to harbor malware-laced documents, therefore WikiLeaks that claims to be accountable, should not either.

» SPAMfighter News - 7/28/2015