WikiLeaks is hosting 324 confirmed instances of malware among its caches of dumped emails, a top Bulgarian anti-malware veteran says. Random checks of the reported malware hashes find the trojans are flagged as malware by VirusTotal's static analysis checks.
Much of the malware appears to be attachments emailed by black hats in a bid to compromise the various parties affected in the WikiLeaks dumps.
Dr Vesselin Bontchev (@bontchev) says the instances of malware are only those confirmed and found in an initial search effort. [...] "The list is by no means exhaustive; I am just starting with the analysis," Bontchev says.
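The triage the summary describes, hashing email attachments and checking the hashes against a list of known-bad samples, is easy to reproduce locally. The following is an added example (not code from the article, the thread, or Bontchev's own analysis) that parses a constructed .eml message, hashes each attachment with SHA-256, and flags anything whose hash is on a known-bad list or whose filename looks like a disguised executable. The message, the attachment bytes and the known-bad hash set are all constructed placeholders; a real deployment would populate `KNOWN_BAD_SHA256` from a threat-intelligence feed or VirusTotal lookups.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Constructed attachment contents used only for this demonstration.
BENIGN_SAMPLE = b"%PDF-1.4 constructed benign sample"
MALICIOUS_SAMPLE = b"MZ constructed malicious sample"

# Constructed known-bad hash list (placeholder, not a real IoC list). It is
# seeded with the hash of the constructed "malicious" sample above so the
# example has something to match against.
KNOWN_BAD_SHA256 = {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()}

# Extensions that commonly carry executable content in phishing attachments.
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".jar", ".docm")


def build_sample_message() -> bytes:
    """Construct a sample multipart email with one benign and one bad attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(BENIGN_SAMPLE, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # Double extension: looks like a PDF but is really an executable.
    msg.add_attachment(MALICIOUS_SAMPLE, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_bytes()


def scan_attachments(raw: bytes) -> list[dict]:
    """Hash every attachment in a raw RFC 5322 message and record why it was flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)  # base64/quoted-printable already undone
        if data is None:
            continue
        name = part.get_filename() or "<unnamed>"
        digest = hashlib.sha256(data).hexdigest()
        lower = name.lower()
        flags = []
        if digest in KNOWN_BAD_SHA256:
            flags.append("sha256 matches known-bad list")
        if lower.endswith(SUSPICIOUS_EXTENSIONS):
            flags.append("executable/script extension")
            if lower.count(".") >= 2:
                flags.append("double extension")
        findings.append({"filename": name, "sha256": digest,
                         "size": len(data), "flags": flags})
    return findings


if __name__ == "__main__":
    for finding in scan_attachments(build_sample_message()):
        status = "FLAGGED" if finding["flags"] else "clean"
        print(f"{status:8} {finding['filename']:20} {finding['sha256'][:16]}... "
              f"{', '.join(finding['flags'])}")
```

A hash-list match only catches samples already known, which is why the extension heuristics are kept alongside it; attachments that evade both are the ones that deserve dynamic analysis rather than static checks.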
(Score: 1, Insightful) by Anonymous Coward on Monday August 22 2016, @01:18PM
This is ... what, a surprise? Do you not know how common malware in email is? It's pretty danged common. There have been many huge email blasts full of email in the last few months. Like, monumentally huge. They have some new twist that's never been done before every month.
If you didn't know this, the efforts you or your mail provider have made to mitigate have been very effective.
(Score: 4, Interesting) by Anonymous Coward on Monday August 22 2016, @01:39PM
It is not unexpected. But forensic research may reveal useful information here.
Different espionage groups use different exploit tools. These are high-value targets, their email may contain zero-day exploits. There may even be exploits that can be tracked back to private espionage groups that are legally forbidden from selling their products to certain countries.
(Score: 0) by Anonymous Coward on Monday August 22 2016, @01:51PM
It would be interesting to see which of the attachments do not trigger detections but still contain malware.