Wikileaks DNC email dump sparks malware fears

The trove of leaked Democratic National Committee emails posted to Wikileaks on July 22 has sparked concerns about malware as users access the vast collection of documents.

WikiLeaks posted close to 20,000 emails and 8,000 attachments that were sent or received from top Democratic officials, appearing to suggest that the committee’s chairwoman, Rep. Debbie Wasserman Schultz, and others favored Hillary Clinton over Sen. Bernie Sanders during the party’s primary. The release forced the resignation of Wasserman Schultz.

On the day of the leak, Google’s Transparency Report warned users of dangerous downloads from the site. Google has not revealed specifically what was detected, although the search giant’s Safe Browsing technology examines billions of URLs each day looking for unsafe websites, and protects over two billion internet-connected devices. The site’s status was rated as ‘not dangerous’ by Google’s Transparency Report Friday.

Nonetheless, security experts are weighing the significance of last week’s malware warning. Josh Wieder, a systems administrator and security researcher who says he identified malware in Wikileaks’ dump of Global Intelligence Files last year, told that the warning underscores the ongoing security risk posed by the website.

“It is also worth considering how exactly Wikileaks gets their hands on files like the DNC emails and Global Intelligence Files,” he explained, via email, noting the rumors that a foreign intelligence service was responsible for the DNC email dump. “The point is that even if Wikileaks does not know who is providing them with the DNC emails, it is within reason to suspect that the server hosting those files was compromised.”

“Everything that I know about how Wikileaks distributes files to users indicates that they do a very poor job at operational security, and they have made no attempts to be transparent with users about what steps - if any - are taken by Wikileaks to protect them,” he added.

Other security experts also struck a note of caution around the DNC email dump.

“If the WikiLeaks dump included all email attachments, then malware is very likely being made available,” explained Chris Petersen, CTO of security intelligence company LogRhythm, via email. “However, to execute that malware, someone visiting WikiLeaks would need to open the attachments. Given this, nobody should be in danger of malware infection simply by visiting the WikiLeaks site, although they could get themselves into trouble if they dug too far.”

Google’s Transparency Report, despite currently rating the site as “not dangerous,” warns that some pages on the site send visitors to dangerous websites and some pages install malware on visitors’ computers.

Ray Rothrock, CEO of cybersecurity analytics company RedSeal, described the potential implications of Wikileaks malware as alarming. “The motivation would be to release a slew of juicy emails – allegedly with amazing scary stuff – get curious people from around the world to read them, and bingo, you’ve executed the perfect phish attack.”

Neither Wikileaks nor the DNC has yet responded to a request for comment on this story.

The reported Wikileaks malware also raises questions about the best ways for users to protect themselves against compromised websites.

“It depends on the attackers’ strategy. Most browsers have protection software that is adept at detecting malware signatures,” said Rothrock. “However, when bad actors update their malware and spread it broadly, they can circumvent browsers’ protection schemes for a short time. This underscores the importance of basic ‘housekeeping,’ such as ensuring browser protections are up-to-date.”

Gary Miliefsky, CEO of breach protection specialist SnoopWall, told that the number one method for deploying ransomware and remote access Trojans has been through email attachments. Miliefsky has also noticed a recent increase in “drive-by malware” hosted on infected web pages and even through Facebook advertisement plug-ins that can install ransomware.

Ransomware, which is malicious software used to extort money, represents a growing threat to users. The software can encrypt files until a ‘ransom’ is paid in a difficult-to-trace digital currency, such as bitcoins.

Steve Malone, director of technology solutions at email security company Mimecast, says that users also need to exercise good caution in their web browsing. “Users are the weak link and are easy to dupe, so getting them to click a link in an email, enter personal information onto a fake website, or download malware from an email or a website is easy for an attacker,” he told, via email.

Follow James Rogers on Twitter @jamesjrogers