Feeds

Erin Andrews peephole footage spreads Trojan

Malware risk to the unwary horny

The Power of One eBook: Top reasons to choose HP BladeSystem

Updated Supposed hidden camera footage of US sports reporter Erin Andrews on offer online often leads to malware, security firm Sophos warns.

Websites claiming to provide nude video of glamorous ESPN reporter Erin Andrews are in reality a trick designed to trick both Windows and Mac surfers into installing malware. Hackers are taking advantage of hype around supposedly covert footage of the glamorous reporter to distribute Trojan horse malware.

Malicious code ultimately designed to fleece Windows users by tricking them into buying rogue security software of little or no utility is hosted on sites that can pose as affiliates of reputable news outlets, such as CNN. In reality the sites are complete fakes, but smut-seeking surfers might still find their way onto them anyway because of the use of black hat search engine optimisation techniques.

Surfers who visit the malicious sites are exposed to either the Jahlav-C Trojan horse on Macs, or the FakeAV-AY Trojan for Windows. In both cases, muck-fixated punters are tricked into downloading malware that poses as a video player supposedly needed to view footage of Andrews in her birthday suit. Code running on the hacker-controlled websites determines which strain of malware is offered up to visitors.

Sophos has posted a educational video on YouTube Vimeo (below) explaining the attack. It reports that following through on the trick will allow punters to see video of an unidentified, undressed woman, possibly in an attempt to take attention away from the malware infection happening in the background.

Meanwhile, back in the real world, lawyers acting for Andrews are taking legal action against anyone distributing copies of the illicitly-obtained footage online. The footage was obtained without either the knowledge or consent of the high-profile reporter. ®

Update

YouTube has pulled Sophos's video explanation of the threat, possibly in the false belief it might be malign or out of prudishness, after deciding it was “inappropriate content”. The run-down can still be found on vimeo here.

Designing a Defense for Mobile Applications

More from The Register

next story
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.