This month, we're taking a look at an online trap set by cyber criminals to take advantage of public interest in the latest, breaking celebrity news.
Understanding the Threat
When most people want to learn more about the latest news, they turn to their PCs to help keep them informed – going online to find out what's being reported on news sites, being buzzed about on blogs, or tweeted about on Twitter. Cyber criminals use that knowledge to help distribute malware and to con potential victims.
In late June and early July, the spate of malware distribution using these types of tactics was particularly offensive, due to the nature of the news that was exploited (not to mention the speed of the attacks). As Andrew Browne, Lavasoft malware analyst and Malware Labs team leader, says, “The trend of exploiting current news events to deliver malware continues to push the boundaries of decency. It's not very often we are taken aback by malware distribution methods, but the recent vulture-like exploitation of the deaths of Michael Jackson and Farrah Fawcett really is plumbing the depths of social engineering techniques.”
Within hours of the news of the death of Michael Jackson, the first waves of spam exploiting the death of the “King of Pop” were seen, according to industry experts. Subsequent scams, which also involved the news of the death of actress Farrah Fawcett, were played out by way of calls to action to view a link or download a file to view supposed breaking news, spam attempting to harvest e-mail addresses, and search engine manipulation. To give a better understanding, Malware Labs takes you through one example, below, of a common ploy used by malware distributors: creating a web page that offers videos for download.
The Bad Behavior
Malware distributors took advantage of the fact that the deaths of Michael Jackson and Farrah Fawcett would generate a high volume of online searches by creating rigged sites that claimed to offer videos related to the news story. These booby-trapped sites were then tagged in such a way that they would turn up in search engine results, making it all too easy for the unwary surfer to stray onto these pages.
If you clicked on the link to watch the video, you would be prompted to install a file that would supposedly allow the video to run – an extremely common tactic used on malicious websites that appear to serve pornographic videos.
Lavasoft detects this specific threat in Ad-Aware's Detection Database as Win32.TrojanDownloader.Fraudtool. The infection installs several files (called a.exe, b.exe, c.exe) and drops a browser helper object file that hooks into Internet Explorer. The infection then begins to pop up warnings encouraging the victim to download a rogue anti-malware application.
What can you do to prevent being infected by these underhanded tactics? Be aware that social engineering scams will undoubtedly be used to take advantage of the latest breaking news to distribute malware. You can count on the fact that online scammers will quickly home in on news and events that draw widespread attention around the world. In their efforts to grab your attention and boost credibility, malware and scam authors create their ploys in all shapes and sizes. When browsing the Web, a healthy dose of skepticism can be the difference between falling for a ploy and recognizing a site as malicious.
Other winning strategies to stay safe include always getting your news from a reliable source and preparing your PC with real-time security protection, so that you are actively protected from malware and alerted to possible threats.