Hackers disguise malware as Google News report of baseball death

Baseball player John C Odom became known to millions across America last May after he was traded for ten maple bats.

Tragically, the 26-year-old died from an accidental overdose of drugs and alcohol late last year.

This news has only just become widely known after the mainstream media stumbled across the story.

So, how is this a relevant topic for this blog? Well, heartless hackers have set up a website pretending to be a Google News search result about John Odom’s death, which installs malicious software onto your computer.

John C Odom search results

In the above graphic showing search results for John Odom’s name, sent to me by Clu-blog reader Pete, you’ll see that squeezed between two legitimate news reports from the Chicago Sun-Times and the Seattle Times is a link to a site called news.google.com7newspapers.[censored]

Clu-blog reader Pete, who brought this piece of malware mischief to my attention speculates that the hackers are using a 7 in the domain name because it looks like a /. In other words, the hackers are hoping that people will mistake the link for a genuine report on Google News rather than a website hosting a piece of malicious code.

Because if you do visit the page you’ll find a Trojan horse called Troj/Reffor-A is downloaded to your Windows PC.

Sign up to our free newsletter.
Security news, advice, and tips.

Of course, many people interested in the story of John C Odom’s tragic end may click on links without noticing that they are attempting to disguise their true nature. No doubt we will see many more examples of hackers leaping on to the latest hot terms searched for on search engines in their attempt to infect as many computer as possible.

Customers using the Sophos WS1000 Web Appliance will find that the website hosting the code is blocked as Mal/BadRef-A.

Credit: Thanks to Clu-blog reader Pete for bringing this to my attention. You can see a larger version of the graphic and some commentary on his Flickr page.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.