Swayze death exploited to serve up fake anti-virus
I've had the crime of my life
Miscreants have moved swiftly to establish malicious websites designed to rip off users searching for more information on the death of actor Patrick Swayze on Monday.
Black-hat search engine manipulation means that many sites that appear prominently in search engine results point to sites slinging fake anti-virus scanners. Surfers visiting these sites are warned of non-existent security problems in a bid to trick them into buying software of little or no utility. A video (below) from Sophos explains the particulars of the Swayze-themed attack.
Other trending topics including Serena Williams's US Open tennis semi-final outburst video (as explained here) and the anniversary of the 9/11 attacks have also been exploited as themes for scareware traps over recent days.
The mechanism of such attacks in general is growing in sophistication, as well as frequency. In many cases, sites already listed in Google's index for a search term of interest are hacked by the bad guys, with the intention of planting malicious scripts that redirect users onto the scareware payload sites.
Graham Cluley, senior technology consultant at Sophos, explained: "Sometimes the scareware guys create brand new webpages (new domains) and stuff them with keywords and the like to try and get them high on Google's search results."
"However, the sheer fact that they are newly registered domains makes them more suspicious than domains that have been around for some time, and so this can work against them."
"So, they're breaking into existing sites, creating webpages that are stuffed with relevant keywords in the hope that they will both get higher in search results *and* benefit from the fact that the domain has existed for some time," he added.
Malicious scripts on compromised sites are programmed to avoid forwarding unwitting surfers to the scareware download site unless Google is the referrer. The tactic is designed to help scams to say undetected for longer.
"The fact that the pages do nothing suspicious unless you visit them *via* Google (the referrer thing) is part of their cover," Cluley explained. "They're hoping that inquisitive sysadmins won't realise what's going on - if they do load up the page (without going through Google) they won't see anything suspicious." ®
Re: Here we go again
I have the same thought when the bright sparks on these comments pages trot out the same old advice time after time. They elevate themselves above the 'numpties' and 'muppets' who are too 'dumb' to read The Register (they're the ones who make these mistakes, after all,) yet waste time and network traffic addressing comments to them. What do you expect to achieve, genius? To re-use an old saying, you're preaching to the choir. Though it does guarantee your audience will agree with you, I suppose. Sort of a validation, in a really sad way.
Is this even news anymore? This has happened EVERY time anyone vaguely famous died for the last year or two.
Here we go again...
Note to muppets who were not paying attention last time this happened and had to pay PC World £300 to fix their machine....
1. Don't click links in emails! Yes, even the ones from your best mate!
2. Don't click on ads on webpages, especially popups. If you want a widget, get Google out and look for widget at reputable online store, Amazon that sort of place.
3. Install AV/Malware software. Christ you don't even have to buy it now, there are plenty of orgs doing it for nothing, ClamAV etc. No, don't click on that security warning ad and...oh for the love of...not again.....a reputable AV org not ones that promises to....never mid....OI....look, JUST STOP CLICKING!!!
To re-use an old saying:
Would you do that in the real world? No? Then don't do it here!
Finally my own favourite, stop using Windows, either install Ubuntu or save up and buy a Mac!