WikiLeaks Spreads Malware In Email Data Dump

Security expert Vesselin Bontchev has scanned the WikiLeaks data-dump from Turkey’s ruling political party (AKP) and found at least 80 different malware strains contained within the emails.

At Bontchev’s Github page, he published a neutered list of emails (the links are disabled and made so that they cannot be linked easily by bots indexing his page) – and the list is impressive.

Anyone searching the Wikileaks database could easily download malware attachments by clicking on the wrong link. Dr. Bontchev disclosed the links safely in his report, and said that his findings were “by no means exhaustive.” He said most of the malware discovered were “run-of-the mill” spam, scams and phishing attacks enticing the recipient to click on the enclosed attachment, which is fairly bad news for any journalist or anti-censorship advocates investigating the leak by searching Wikileaks.

Here is a sample of the data provided by Dr. Bontchev:

Wikileaks e-mailWikileaks URL to the malicious attachmentVirusTotal analysis
36138hxxxx://wikileaks[.]org/akp-emails/fileid/36138/20098F36CB35F410AB65958A6CCA846737A9C
87325hxxxx://wikileaks[.]org/akp-emails/fileid/87325/2924896BA545BBB538B7E11ADDE2FA8A61EE7
24918hxxxx://wikileaks[.]org/akp-emails/fileid/24918/1297266488B5C93993328BD2F71D83D413F35
80311hxxxx://wikileaks[.]org/akp-emails/fileid/80311/282824FA2390A493464BC3C8AC3923E1EF0D4
12hxxxx://wikileaks[.]org/akp-emails/fileid/12/3FB7283CFB685CF7BCE7FF2E216EC499B
25087hxxxx://wikileaks[.]org/akp-emails/fileid/25087/13153E36FF18F794FF51C15C08BAC37D4C431
44668hxxxx://wikileaks[.]org/akp-emails/fileid/44668/22734FD61711E05E5253C2C6D94A9750DFC30
25925hxxxx://wikileaks[.]org/akp-emails/fileid/25925/1357764DD5201EF63169BBC62EA26C26AF8ED
25925hxxxx://wikileaks[.]org/akp-emails/fileid/25925/1357882CA501DF43984122C1E6494AD300140
26194hxxxx://wikileaks[.]org/akp-emails/fileid/26194/1406811244A7B4A058F0D8D1CEACA000A0745
126415hxxxx://wikileaks[.]org/akp-emails/fileid/126415/349307A5D837478862830F98586AAC2346132
39664hxxxx://wikileaks[.]org/akp-emails/fileid/39664/21803096AEBF87F193A837794A19FA653A0A3
16749hxxxx://wikileaks[.]org/akp-emails/fileid/16749/9084BA81BFE79FC31F4C2EF55ADE47D0B1BE
13474hxxxx://wikileaks[.]org/akp-emails/fileid/13474/86575F8AAFA70D9E4622F896CDA4A8F42856
24132hxxxx://wikileaks[.]org/akp-emails/fileid/24132/124666C5EE6D233AFD2F1F879CF8341D8B7F0
26494hxxxx://wikileaks[.]org/akp-emails/fileid/26494/1466534318DBF1370711A81D4A0B05BAEE532
26897hxxxx://wikileaks[.]org/akp-emails/fileid/26897/1547627524906F0626DA2E99EBA09F9F3E4E0
26194hxxxx://wikileaks[.]org/akp-emails/fileid/26194/1406985B92C924584F00B256CD589A8608AF5
26482hxxxx://wikileaks[.]org/akp-emails/fileid/26482/14643BD90168562D841E1D15F51548A4965C5
26134hxxxx://wikileaks[.]org/akp-emails/fileid/26134/139846D2FD213F0198E8879B0917CC5A4A866
25925hxxxx://wikileaks[.]org/akp-emails/fileid/25925/13579FE94DB7C7E6C3929F76969316424C06A
3389hxxxx://wikileaks[.]org/akp-emails/fileid/3389/2586299EE2919BF5F352B332F98289FCDA57
9655hxxxx://wikileaks[.]org/akp-emails/fileid/9655/7666C94DF84DD14F9DCF1E0D9FF4A64CAA1C
9742hxxxx://wikileaks[.]org/akp-emails/fileid/9742/7695C9D7E127869B0536D348EA6178A4B8F6
26372hxxxx://wikileaks[.]org/akp-emails/fileid/26372/14372775F8F06E7D94B3532E86CC060A2D316
26924hxxxx://wikileaks[.]org/akp-emails/fileid/26924/15536B1C142463B540F0FEA437AEC5A546B3A
26930hxxxx://wikileaks[.]org/akp-emails/fileid/26930/15548818B8933F20803FF4537D12013EB921D
113hxxxx://wikileaks[.]org/akp-emails/fileid/113/64E6DCEECD2BB42E3C5DB631B018B29ACC
125hxxxx://wikileaks[.]org/akp-emails/fileid/125/758D886030BD668207D4D7E731A28CEB1D
962hxxxx://wikileaks[.]org/akp-emails/fileid/962/419D535049E50A6E2594C398BC8DAD82E25
1273hxxxx://wikileaks[.]org/akp-emails/fileid/1273/698CD7C77B85BC13F32D51C0FDB1BC046F9

As a caveat to anyone searching data-dumps, this type of accidental infection a hazard that you need to be aware of – links in emails can easily lead you to a malicious payload. We liken it to dumpster diving at a hospital – you hope that all the hypodermic needles were place in a sharps disposal bin, but there is always a risk that some went into regular trash.

Ready for the right solutions?

It’s time to offload your technology troubles and security stress.

"*" indicates required fields