Death of actress Natasha Richardson exploited by scareware

The speed at which cybercriminals can link their scams to breaking news seems to be increasing. A day after news broke of the death of 45-year-old British actress Natasha Richardson, malicious websites sprang up to attract readers looking for information on the tragedy.

According to Graham Cluley's blog on the Sophos website, “hackers are stuffing webpages with keywords – most likely scraping the content off legitimate news websites – in order to lure unwary surfers into visiting their dangerous sites and infecting their computers.”

A number of compromised websites hosting content in Germany have already been detected, reported Cluley. “By filling their webpages with content scraped off the internet related to Natasha Richardson's death, the hackers make their attack quite timely and increase their chances of trapping victims,” he wrote.

For this ruse to work, speed is the key element in attracting unwary visitors, he added: the hackers are well aware that more people will be searching for information about the actress right away, and that interest will likely fade in a few days.

But visitors who click through to any of these tainted sites trigger a malicious script that runs on their computer. The script, identified by Sophos as Troj/Reffor-A, then runs an ad for a phoney anti-virus product, intended to frighten computer users into buying a worthless and ineffective security application that promises to clean up the infection.

“Fake anti-virus products, also known as scareware or rogueware, are one of the fastest growing threats on the internet, and attempt to frighten you into believing that your computer has a security problem and that you should purchase a solution from the very people who have tricked you,” wrote Cluley.

This form of social engineering is certainly not a new phenomenon. Similar cyber ruses have exploited web users' sympathies for victims of Hurricane Katrina and other national disasters, and have corralled sports fans in advance of this week's NCAA tournament, also known as March Madness.

Last December, the FTC brought legal action for a similar ruse against two firms – Innovative Marketing and ByteHosting Internet Services – in an attempt to shut down sellers of fake security software, such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus.

But the question lingers: What more can be done?

"Unfortunately, the bad guys are using hacked legitimate websites to plant their malicious webpages, so we can't even call on domain registrars to go to greater efforts to confirm that people buying domains are who they say they are," wrote Cluley in an email message to SCMagazineUS.com on Friday.

What's needed is to get all website owners to take greater care to defend their sites from attack, so they can't be taken over, Cluley pointed out in his email.

"And, get users to run up-to-date anti-virus software and security patches so if they do end up on a malicious site, it's less likely to do harm," he said.

Of course, he added, "it would be great if we could remind people to always get their news from established news sites – but human nature being what it is, I don't think that's ever going to be learnt by the masses."

So, the answer, he advised, is to protect your computer to the hilt, be suspicious of unexpected fake anti-virus alerts, and be very careful before giving anyone your personal or financial details.