Cybercriminals don’t waste any time these days jumping on the coat-tails of breaking news stories in their attempt to infect as many computer users as possible. This time it’s the tragic death of award-winning English actress Natasha Richardson, who died yesterday after suffering head injuries in a skiing accident earlier in the week.
It appears that hackers are stuffing webpages with keywords – most likely scraping the content off legitimate news websites – in order to lure unwary surfers into visiting their dangerous sites and infecting their computers.
We’ve already seen a couple of compromised websites in Germany that are hosting content such as the following for example:
By filling their webpages with content scraped off the internet related to Natasha Richardson’s death, the hackers make their attack quite timely and increase their chances of trapping victims.
Speed is everything for cybercriminals keen to create a page that will show up highly in search engine results. The hackers know that more people will be searching for information about the 45-year-old actress today than, say, in two weeks time.
But, of course, if you do visit the malicious web link a malicious script will run on your computer, detected by Sophos as Troj/Reffor-A, that then runs a fake anti-virus product designed to scare you into making an unwise purchase.
Fake anti-virus products, also known as scareware or rogueware, are one of the fastest growing threats on the internet, and attempt to frighten you into believing that your computer has a security problem and that you should purchase a solution from the very people who have tricked you.
Of course, this isn’t the first time that hackers have taken advantage of a breaking news story. Earlier this month we saw very similar keyword stuffing (again designed to initiate a fake anti-virus scan) related to the Symantec / PIFTS.EXE debacle.
So, next time you hear about a breaking news story, it might be wiser to visit an established news website like the BBC, CNN or Sydney Morning Herald, rather than using a search engine which might take you to a keyword-stuffed site harbouring malware.
