Natasha Richardson’s Death Used as Lure for Spreading Scareware
According to Sophos, an online security company, computer hackers are taking advantage of people's interest surrounding the news of the death of Natasha Richardson, an English actress who met with an accident lately.
The company says that the online criminals are rapidly creating malevolent web pages and filling them up with key phrases pertaining to the death of the actress. The strategy that exploits content picked up from genuine news websites is designed to obtain a high rank for websites hosting malicious software on search engines.
Graham Cluley, Senior Technology Consultant, Sophos, states that cyber criminals rely primarily on speed while creating a page they intend to be displayed high among search engine results, as reported by SCMagazine on March 19, 2009. According to Cluley, hackers believe that there would be more people interested in searching news about the middle-aged actress now than after two weeks.
Moreover, users going to the maliciously crafted websites are likely to be infected with a malevolent script that Sophos researchers identified as Reffor-A, which encourages users into buying spurious antivirus software.
The security researchers further state that spurious antivirus applications are some of the fastest rising nuisances on the Internet. Typically, these try to alarm end-users into falsely believing that their computers have malware, tricking them into buying worthless clean-up software.
Moreover, by making use of news about Richardson's demise, the cyber crooks have timed their attack, raising the possibilities of unwitting users accessing the criminals' perilous sites, said researchers.
Ultimately, Sophos observes that it is clear from the incident that visiting a reputed news site directly is safer than relying on search engine results to know the latest information as they could lead the user to a keyword filled website hosting malicious code.
Meanwhile, according to the security specialists, hackers regularly exploit current news stories, and mostly before any security response is available. For instance, hackers took advantage of the confusion that the Symantec/PIFTS.EXE incident created in early March 2009 to lure surfers to rogue websites stuffed with keywords but touted fake anti-malware software.
» SPAMfighter News - 24-03-2009