It’s a trick as old as the hills, but that doesn’t mean that 21st century internet users aren’t going to fall for it.
Take one pretty celebrity (take your pick from Jennifer Lopez, Britney Spears, Anna Kournikova).
Spam out an email claiming to contain sensational news about said celebrity (typically this will involve nakedness).
Infect the recipient’s computer when they open the attached file/click on the link.
On this occasion, the sexy celebrity is singer and hip-waggler Shakira. Whoever was behind the malware campaign didn’t claim that Shakira was naked (to be honest, that wouldn’t be much of a lure… I mean, once you’ve seen one of Shakira’s videos you’ve pretty much seen everything).
Instead, the email claims that Shakira has died, and invites you to open the attached Word document.
Security researcher Conrad Longmore on the Dynamoo blog has published more details of the malware attack, where he explains that the email’s Spanish-language text describes how Shakira supposedly died in a car accident.
From: El Universal [[email protected]] Date: 5 September 2014 14:50
Subject: Shakira muere en grave accidente
Muere Shakira en grave accidente
Esta madrugada a las 1:10 A.M. en el barrio la Macarena, Colombia. La conocida cantante e intérprete Shakira Isabel Mebarak Ripoll, sufrió un grave accidente automovilístico en el cual perdio la vida. Abordo del vehículo también se encontraba su manager, que quedó con heridas graves. Testigos, dicen que el auto conducido por este último, se dirigia a exceso de velocidad..
Para ver imágenes exclusivas y detalles de la noticia adjuntamos un documento con toda la información sobre este trágico acontecimiento.
El Universal © todos los Derechos Reservados 2014.
The email explains that if you are feeling ghoulish, you should open the attached Word document (named IMAGENES_01.doc) which claims to contain further information and images of the fatal road crash.
Seriously, why would anyone fall for a trick like this? Is it normal for news agencies to spam out details of a celebrity’s death *and* include an attachment containing photographs?
Sadly, many people are so addicted to having the very latest celebrity gossip that they probably fail to engage their common sense before clicking on the dangerous file.
Of course, opening the Word document is the very last thing you should do.
But if you do make the mistake, you will see a message (in Spanish) telling you how to disable Word’s security settings – which will, of course, allow malicious code to activate and allow it to download further malware from the net.
Be on your guard, and keep your anti-virus software updated.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
One comment on “Shakira death hoax email spreads malware attack”
"Seriously, why would anyone fall for a trick like this? Is it normal for news agencies to spam out details of a celebrity’s death *and* include an attachment containing photographs?"
Of course it is normal. Just ask Facebook. They do it quite a lot and they're quite good at it too! They're one of the most famous news agency's known to mankind. I think that is pretty impressive actually considering how young they are. But surely you know this by now ? I know it and I live in an wild animal's den!
"Sadly, many people are so addicted to having the very latest celebrity gossip that they probably fail to engage their common sense before clicking on the dangerous file."
Addicted is one way of putting it. Other possibilities (although the rest of the sentence might not make sense, I admit): sick, hopeful (see first entry… well, in most cases, right? first entry is always the case for some things, of course), lacking a life (even I have more than THAT!) and I am sure there are many more. But who cares? It is news and people love their news, right? Especially news with sick, gruesome images (it is the news so it is real!) and stories (in the case of these news stories, they're always real). They lack enough drama in their life that they so crave that they decide to fix it in any way they can (or is that "fix"?).