Feeds

Scareware scumbags exploit 9/11

Obviously an inside job

The Power of One eBook: Top reasons to choose HP BladeSystem

Updated Fraudsters have set up websites supposedly containing info about 9/11 but actually geared towards running fake anti-virus (scareware) scams.

Net security firm Sophos reports a number of "9/11-related" webpages that actually host malicious code are using search engine manipulation techniques to boost their rankings on Google. Some of the targeted search terms refer to a woman, called Tania Head, who claimed to have been in the Twin Towers on 9/11 but was later exposed as a fraud.

Visitors to the malicious web pages - whether they are using a Mac or a PC - are confronted with a list of viruses that have supposedly infected their system and invited to try out fake security software of little or no utility. The attack is explained in greater depth in a blog post by Sophos here.

"The websites we've seen point unsuspecting users to a fairly bog-standard fake anti-virus page," explained Graham Cluley, senior technology consultant at Sophos. "The websites check that the page referrer is Google, and the various scripts will not forward to the target site unless Google is the referrer.

This happens a lot with fake anti-virus software attacks - chances are that the sites which are listed on Google have been hacked by the bad guys, with the intention of redirecting users to the scareware pages," he added.

The ruse joins a growing list of incidents whereby unscrupulous cybercrooks latch onto interest in tragedies, natural disasters and other news events to distribute junk. Similar attacks also accompanied the recent death of Michael Jackson and the Indian Ocean tsunami disaster.

Sophos reckons the wrong 'uns running scareware scams appear to be "running a round-the-clock factory, pumping out new websites that exploit the hot trending search terms of the day".

"Clearly, no topical report, however tragic is exempt from the attentions of the criminal mind," writes David Harley, director of malware intelligence at anti-virus firm Eset. "Using Google and other search engines for information and reports about 9/11 is likely to generate results with a load of links leading to rogue antivirus-related sites." ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.