Scareware scammers exploit 9/11

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Scareware scammers exploit 9/11

Just when you think the hackers couldn’t get any lower, they plumb new depths.

Cybercriminals hell bent on infecting users with scareware by displaying fake anti-virus scans are hacking legitimate webpages and stuffing them with keywords related to the 9/11 terrorist attack on the United States.

Using search engine optimisation (SEO) techniques, the hackers hope to push their poisoned webpages higher up in Google’s search results.

Sign up to our free newsletter.
Security news, advice, and tips.

Sophos has discovered a number of such hacked pages in the last 24 hours.

In the below example, the hackers are using the name of Tania Head, a woman who claimed to have been in the Twin Towers when they were hit, but was later found to have fabricated her story.

Hacked webpages posing as information on 9/11 attempt to strike visitors with scareware

Sometimes the hackers create brand new webpages (using newly registered domains), filling them with content that they hope will make them more popular in search engine results.

However, the sheer fact that they are newly registered domains can mean they are treated with greater suspicion by the search companies than domains that have been around for some time. This clearly works against the interests of the hackers.

What we are seeing is that hackers are breaking into existing websites, creating webpages that are stuffed with relevant keywords in the hope that they will end up higher in search results and also benefit from the fact that the domain has existed for some time.

Of course, however you stumble across the poisoned webpage, the end result remains the same. A fake virus scan designed to fool you into thinking you have a security problem on your computer, hoping you’ll be tricked into downloading the hacker’s malicious code:

Scareware scan

Sophos security solutions proactively detect the malicious JavaScript on the scareware webpage (as Mal/FakeAvJs-A) and the Windows executable it tries to download as Troj/FakeAv-AAQ.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.