QuoteAccording to Trend Micro researchers, certain sites purporting to contain information on the assassination have malicious Javascript embedded within them. End users wanting more information on the event can conceivably be directed to one of these infected sites, where the script (identified by Trend Micro as JS_AGENT.AEVE) runs and downloads a Trojan (TROJ_SMALL.LDZ). This new Trojan then downloads and installs WORM_HITAPOP.O and TROJ_AGENT.AFFR.
Reserach:
Ars Technica http://arstechnica.com/news.ars/post/20071228-malware-authors-capitalizing-on-bhuttos-assassination.html (http://arstechnica.com/news.ars/post/20071228-malware-authors-capitalizing-on-bhuttos-assassination.html)
Trendlabs Malware Blog:
http://blog.trendmicro.com/bhutto-assassination-javascripted/