Other celebrities targeted in similar black-hat SEO campaigns

May 11, 2009 08:40 GMT  ·  By

Security researchers warn that cyber-criminals are trying to profit from the public interest raised by the recently leaked photos allegedly featuring pop singer Rihanna in compromising postures. By hosting malicious content on heavily trafficked social networking websites, they successfully forced their Rihanna-themed pages to appear higher in search results.

Pop music fans were taken by storm on Friday by news that adult-oriented pictures of the award-winning singer were circulating on the Internet. The story got far more appealing as Rihanna's attorneys started sending cease-and-desist letters to websites hosting them, claiming violation of the artist's rights, thus adding to the impression that it was, indeed, her in the compromising photos.

As it is usually the case with subjects that generate significant search-engine traffic, the malware distributors jumped at the opportunity and set up electronic traps. Alex Eckelberry, CEO of security vendor Sunbelt Software, documented some of the bogus search results. "The third search result is a page on Microsoft’s Technet, pushing malware. And just further down, is another link, which leads to malware," he warns.

In order to raise the curiosity-bar even higher, the cyber-crooks set up pages linking to an alleged adult video featuring Rihanna. However, trying to play the movie prompts the download of a file called Mediacodec_v3.7.exe, suggesting that a special video codec is required. The file is, in fact, a malware installer.

In addition to the fake Technet, media content-sharing website Uvouch has been abused in a similar manner and has been found hosting pages linked to the malicious campaign. But Rihanna is not the only celebrity making the subject of these attacks.

"Same type of thing happening with Malin Ackerman (female star of the Watchmen)... and plenty of other celebrities. A search of the Uvouch site itself is telling. The top results here all point to similar malware links (Megan Fox, Zoe Saldana, Tila Tequila, and so on)," Mr. Eckelberry notes.

The fake video schemes are nothing new and neither is the technique of hosting malicious content on legit social networking websites. Back in January, security researchers warned that a highly similar campaign was undergoing on LinkedIn. Bogus profiles for personalities such as Beyoncé Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, Kate Hudson, Paris Hilton, Kim Kardashian, Jaime Pressly, Christina Aguilera, Keri Russell, Zooey Deschanel, Lizzy Caplan, Brooke Hogan, and Tila Tequila were identified.

Even if they are using search engines to locate news stories and celebrity gossip, users are encouraged to only follow the links pointing to websites, such as those belonging to media outlets, which they know and trust.