Threat Management, Incident Response, Malware, Network Security, TDR

Death of actress Natasha Richardson exploited by scareware

The speed at which cybercriminals can link their scams to breaking news seems to be increasing. A day after news broke of the death of 45-year-old British actress Natasha Richardson, malicious websites sprung up to attract readers looking for information on the tragedy.

According to Graham Cluley's blog on the Sophos website, “hackers are stuffing webpages with keywords – most likely scraping the content off legitimate news websites – in order to lure unwary surfers into visiting their dangerous sites and infecting their computers.”

A number of compromised websites hosting content in Germany have already been detected, reported Cluley. “By filling their webpages with content scraped off the internet related to Natasha Richardson's death, the hackers make their attack quite timely and increase their chances of trapping victims,” he wrote.

For this ruse to work, speed is the key element in attracting unwary visitors, he added, as the hackers are well aware that more people will be searching for information about the actress right away, as interest will likely fade in a few days.

But visitors who click on any of these tainted sites generate a malicious script that will run on their computer. The script, identified by Sophos as Troj/Reffor-A, then runs an ad for a phoney anti-virus product intended to frighten computer users into making a bogus purchase of a worthless and ineffective security application that promises to clean up the infection.

“Fake anti-virus products, also known as scareware or rogueware, are one of the fastest growing threats on the internet, and attempt to frighten you into believing that your computer has a security problem and that you should purchase a solution from the very people who have tricked you,” wrote Cluley.

This form of social engineering is certainly not a new phenomenon. Similar cyber ruses have exploited web user's sympathies for victims of Hurricane Katrina and other national disasters, as well as corralling sports fans in advance of the interest in this week's NCAA tournament, also known as March Madness.

Last December, the FTC brought legal action for a similar ruse against two firms – Innovative Marketing and ByteHosting Internet Services – in an attempt to shut down sellers of fake security software, such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus.

But the question lingers: What more can be done?

"Unfortunately, the bad guys are using hacked legitimate websites to plant their malicious webpages, so we can't even call on domain registrars to go to greater efforts to confirm that people buying domains are who they say they are," wrote Cluley in an email message to on Friday.

What's needed is to get all website owners to take greater care to defend their sites from attack, so they can't be taken over, Cluley pointed out in his email.

"And, get users to run up-to-date anti-virus software and security patches so if they do end up on a malicious site, it's less likely to do harm," he said.

Of course, he added, "it would be great if we could remind people to always get their news from established news sites – but human nature being what it is, I don't think that's ever going to be learnt by the masses."

So, the answer, he advised, is to protect your computer to the hilt, be suspicious of unexpected fake anti-virus alerts, and be very careful before giving anyone your personal or financial details.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.