Brazilian Phishers Exploit Amy Winehouse's Death to Spread Trojan

  Brazilian users targeted via fake Amy Winehouse pictures
Security researchers warn that the untimely death of English singer Amy Winehouse is not only exploited by scammers, but also malware pushers.

Security researchers warn that the untimely death of English singer Amy Winehouse is not only exploited by scammers, but also malware pushers.

The 27-year-old Grammy award winning singer was found dead in her house in London last Saturday. The news spread on the Internet like wildfire prompting cyber criminals to exploit it.

Security researchers warned about many survey scams circulating on Facebook and luring users with fake videos and pictures of Amy Winehouse's body.

As sad as it might sound, this is probably what people were searching for, because scammers often adapt their campaigns to target trending search topics.

Malware experts from Panda Security warn that Brazilian phishers have also adopted a similar tactic to spread a DNS hijacking trojan.

The company has detected a malicious URL of the form http://removed/103684policia-inglesa-divulga-fotos-do-corpo-da-cantora-amy-winehouse-WVA.exe being heavily circulated in the wild.

The name of the file means "English Police shows pictures of Amy Winehouse body." The executable is actually an installer for a trojan detected by Panda as Trj/Banbra.GBW which modifies the Windows HOSTS file to hijack the DNS of popular banking sites.

As a result, when users attempt to visit the targeted websites from an infected computer they get redirected to spoofed pages that steal their login credentials. In addition to financial sites, the trojan also targets Hotmail.

Panda researchers note that the malicious link was the most commonly detected malware URL two days in a row, a fact that they claim suggests this campaign was very effective.

"This is not the first time the death of a famous person has been used to propagate malware; for example, when Michael Jackson died we could see the same kind of attacks," Panda Security's Luis Corrons notes.

Comments