Natasha Richardson’s death exploited by hackers

Natasha Richardson's death exploited by hackers

Cybercriminals don’t waste any time these days jumping on the coat-tails of breaking news stories in their attempt to infect as many computer users as possible. This time it’s the tragic death of award-winning English actress Natasha Richardson, who died yesterday after suffering head injuries in a skiing accident earlier in the week.

It appears that hackers are stuffing webpages with keywords – most likely scraping the content off legitimate news websites – in order to lure unwary surfers into visiting their dangerous sites and infecting their computers.

We’ve already seen a couple of compromised websites in Germany that are hosting content such as the following for example:

Natasha Richardson malicious webpage

By filling their webpages with content scraped off the internet related to Natasha Richardson’s death, the hackers make their attack quite timely and increase their chances of trapping victims.

Sign up to our free newsletter.
Security news, advice, and tips.

Speed is everything for cybercriminals keen to create a page that will show up highly in search engine results. The hackers know that more people will be searching for information about the 45-year-old actress today than, say, in two weeks time.

Natasha Richardson malicious script

But, of course, if you do visit the malicious web link a malicious script will run on your computer, detected by Sophos as Troj/Reffor-A, that then runs a fake anti-virus product designed to scare you into making an unwise purchase.

Fake anti-virus

Fake anti-virus products, also known as scareware or rogueware, are one of the fastest growing threats on the internet, and attempt to frighten you into believing that your computer has a security problem and that you should purchase a solution from the very people who have tricked you.

Of course, this isn’t the first time that hackers have taken advantage of a breaking news story. Earlier this month we saw very similar keyword stuffing (again designed to initiate a fake anti-virus scan) related to the Symantec / PIFTS.EXE debacle.

So, next time you hear about a breaking news story, it might be wiser to visit an established news website like the BBC, CNN or Sydney Morning Herald, rather than using a search engine which might take you to a keyword-stuffed site harbouring malware.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.