WikiLeaks AKP dump contains 80 types of malware
Tue 16 Aug 2016
The latest WikiLeaks AKP email dump contains more than 80 types of malware, an independent researcher has confirmed. The malware includes ransomware and remote-access trojans.
WikiLeaks released emails from the Turkish political party AKP in two parts: one in July, and one on August 5. Anti-virus and malware expert Vesselin Bontchev reviewed the content of those emails and published his findings on his GitHub page. Bontchev listed more than 200 individual emails that contain a link to a confirmed malicious attachment.
His report lists, for each infected email, a link to the email on the WikiLeaks site, the URL of the malicious attachment within the email, and a link to a VirusTotal page showing how different anti-virus scanners classify the malware. The URL to the malicious attachment has been made unclickable by substituting ‘hxxxxx’ for ‘https’, because the URL listed is a direct link to the malware and a click would result in an immediate download.
Bontchev also said on Twitter that the findings he released only covered part of the emails on the WikiLeaks site, as they did not include analysis of the emails already marked as spam. After an initial review, he found that the number of malicious attachments increased from 84 to 962 when spam was included – and if duplicates were counted separately, the number more than doubled to 2093. And thus far, he has only analyzed Word documents with the DOCM extension. He went on to say, “I dread to think how much more malware is included with other extensions. Man, what a mess. :(”
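An added example, not code from the article or from Bontchev's report, showing the two practices described above in Python: defanging attachment links the way the report does, and counting DOCM attachments both with and without duplicates, keyed by file hash. The `hxxp` form for plain `http` and the sample attachments are assumptions constructed for the example.

```python
import hashlib

# Convention described in the article: 'https' becomes 'hxxxxx' so the link
# cannot be clicked. The plain-http mapping is an assumption added here; both
# are kept reversible so an analyst can restore a URL for a VirusTotal lookup.
_DEFANG = [("https://", "hxxxxx://"), ("http://", "hxxp://")]


def defang(url: str) -> str:
    """Return a non-clickable form of url (unchanged if no known scheme)."""
    for clear, safe in _DEFANG:
        if url.lower().startswith(clear):
            return safe + url[len(clear):]
    return url


def refang(url: str) -> str:
    """Reverse defang(); only do this in an isolated analysis environment."""
    for clear, safe in _DEFANG:
        if url.lower().startswith(safe):
            return clear + url[len(safe):]
    return url


def count_docm_attachments(attachments):
    """attachments: iterable of (filename, content_bytes) pairs.

    Returns (total, unique): the 'duplicates counted separately' figure and
    the deduplicated figure the article contrasts. Identity is the SHA-256 of
    the content, so renamed copies of one document count once in `unique`.
    """
    hashes = [
        hashlib.sha256(data).hexdigest()
        for name, data in attachments
        if name.lower().endswith(".docm")
    ]
    return len(hashes), len(set(hashes))


# Constructed sample: two renamed copies of one macro document, one other
# macro document, and a non-Office file that must be ignored.
SAMPLE = [
    ("invoice.docm", b"constructed sample document A"),
    ("invoice (1).docm", b"constructed sample document A"),
    ("report.docm", b"constructed sample document B"),
    ("notes.txt", b"not an Office macro document"),
]

if __name__ == "__main__":
    print(defang("https://example.invalid/attachment.docm"))
    print(count_docm_attachments(SAMPLE))  # (3, 2)
```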
The problem with WikiLeaks publishing emails that carry malware, largely ransomware and remote-access Trojans, is that it makes any investigation of the material posted on the WikiLeaks site very unsafe. Inadvertently clicking on a malicious attachment could download the malware straight to the end user’s computer, with potentially harmful results.
Regarding the source material, WikiLeaks insists that it intended to publish emails from the AKP in response to the failed coup in Turkey last month. The WikiLeaks website says, “The material was obtained a week before the attempted coup. However, WikiLeaks has moved forward its publication schedule in response to the government’s post-coup purges. We have verified the material and the source, who is not connected, in any way, to the elements behind the attempted coup, or to a rival political party or state.” WikiLeaks has yet to release a statement regarding the inclusion of malware in the emails posted on its site.