Now WikiLeaks is distributing malware


Veteran anti-virus researcher Vesselin Bontchev has discovered that there are thousands of samples of malware available for download from the WikiLeaks website.

The malware found by Bontchev is found in a large tranche of emails leaked from AKP, a Turkish political party.

Bontchev writes:

Since many of the AKP members have been recipients of malware sent by e-mail (most likely random spam but could have also been targeted attacks), the received malware in the e-mails is also present in the dump. As a result, the Wikileaks site is hosting malware. For the record, I consider this to be extremely irresponsible from the part of Wikileaks. Malware distribution is not “journalism” by any definition of the term.

Bontchev found 3277 malicious files on the WikiLeaks site, accessible to anyone on the internet via a single click.

Of course, it’s perfectly possible that the true number of malware samples published on the WikiLeaks site is much larger than this. Bontchev’s focus so far has been on one particular email dump, and used the VirusTotal service to determine if a file was identified as malicious or not.

Furthermore, one cannot discount the possibility that some of the email dumps published by WikiLeaks contain targeted attacks that are not presently detected by any anti-virus product.

WikiLeaks has been criticised before for its unwillingness to curate the leaked information that it leaks - by, amongst others, no less than Edward Snowden.

Anti-virus industry old-timers like me and Bontchev are left with our heads in our hands when we hear that WikiLeaks is apparently making no efforts whatsoever to prevent its readers from encountering malware samples.

Tags: ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts


6 Responses

  1. David L

    August 22, 2016 at 3:47 pm #

    I would have loved to post that picture of Picard and Riker sitting beside each other simultaneously doing the ( Face Palm )

    But I read last night, the DNC was telling their people not to visit Wikileaks because of the “thousands of malware” hosted on the site. We all thought it was a scare tactic, and actually we did not know it had some truth to it. Still, I’ll take a pass though. I’ll just wait for the Hilary stories to hit the press.

  2. Michael Ponzani

    August 22, 2016 at 6:53 pm #

    That’s a real shame.

  3. Simon

    August 22, 2016 at 10:38 pm #

    I’ve had mixed views about WikiLeaks, but it seems it’s lost it’s focus/purpose over the years.

    Placing people’s lives at risk and distributing malware for the sake of ‘journalism’ isn’t journalism.

  4. coyote

    August 23, 2016 at 9:38 pm #

    WikiLeaks has been criticised before for its unwillingness to curate the leaked information that it leaks - by, amongst others, no less than Edward Snowden.’

    Surely that is extremely ironic, quite hypocritical, very telling or some combination?

    On the other hand, according to the BBC:

    An investigation by the Associated Press has found the names and addresses of teenage rape victims, people who have suffered sexual abuse, and information about individuals suffering mental illness in documents on Wikileaks.’

    And that is absolutely disgusting. Unwillingness? Maybe laziness? Incompetence? Lack of ethics? I think the latter is esp true with what the BBC cites and arguably all the others too. That they’ve spread malware is also quite bad.

    I do think Snowden had good intentions however (can’t prove it of course) but whether his execution was good or not I don’t know; Wikileaks clearly is worse in that regard.

  5. Steven

    August 24, 2016 at 6:07 pm #

    Does no one even look at what was found anymore? All of the *infected* emails look like generic spam we all have in our gmail spam folders right now..

  6. Ashwaq Hilal

    August 27, 2016 at 6:16 am #

    My niece has encountered this malwares upon visiting the sites. There are never ending prompts from my ESET Antivirus that I had to shut down my laptop. Glad that all the malwares are gone now.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.