To distribute malware and fake security software

Mar 20, 2009 13:11 GMT

The untimely death of English actress Natasha Richardson has been heavily exploited by malware distributors who have created fake websites filled with keywords related to the incident. The pages have been part of a scareware advertising campaign.

Natasha Richardson was an award-winning actress, better known for her performances on stage than for the various roles she played in movies. Last week, she suffered a head injury while taking a skiing lesson on a beginners' slope at a resort in Quebec. The incident did not look serious at first, but her health rapidly declined afterwards and she fell into a coma. Unfortunately, the doctors were not able to save her.

This sort of breaking news is bound to attract a lot of interest in the form of search queries, at least for a day. Therefore, the cybercrooks have wasted no time in trying to capitalize on the tragic event, Graham Cluley, senior technology consultant for anti-virus vendor Sophos, warns.

"It appears that hackers are stuffing webpages with keywords – most likely scraping the content off legitimate news websites – in order to lure unwary surfers into visiting their dangerous sites and infecting their computers," the security researcher writes on his blog.

Mr. Cluley has analyzed several such websites hosted in Germany. The sites attempt to load obfuscated JavaScript code detected as Troj/Reffor-A, which has the purpose of running what appears to be an anti-virus scan.

It then seeks to scare the users into buying a worthless and ineffective security application by falsely claiming that their computers are infected with various malicious applications. "Fake anti-virus products, also known as scareware or rogueware, are one of the fastest growing threats on the Internet," the Sophos researcher explains.

This is not the first time that cybercriminals have used blackhat search engine optimization techniques in order to infect users searching for information about a popular event. We recently reported that similar pages were created during the Symantec PIFTS.exe incident.

Previous examples include the fake pages that were set up to serve trojans during the last Gmail downtime. Just as in this case, the purpose of the trojans was to scare the user into paying money for rogue anti-virus programs.