Malware peddlers prey on celebrity death frenzies

In the wake of the internet’s biggest day since the September 11th attacks, purveyors of spam and malware have been having a field day with copious morbid web searches driving traffic to their sites.

Searches surrounding the circumstances of Michael Jackson and Farrah Fawcett’s deaths coupled with stirrings of curiousity surrounding recent celebrity deaths have given spammers and malware pushers a new in as news-hungry web surfers click on every link promising “shocking videos” and “exclusive photos.”

Infections are on the rise from unsolicited e-mails promising pictures and video and subsequently installing malware toolbars. Although most users with a lick of internet sense won’t open these kinds of e-mails, your mother might.

And web searches are not immune, either. A New York Times blog reports:

Also yesterday, scammers were using Farrah Fawcett’s death from cancer to reel in victims. Sophos discovered a Web-based attack by running a simple Google search about the star. On the first page of results was a link to a site claiming to have news, pictures and videos, but a click on the link redirected visitors to a page attempting to scam people with fake antivirus software, known by security experts as scareware.

TraceLabs posted some really obvious helpful tips to avoid getting your computer infected:

  • Spam messages with outrageous headlines relating to Michael Jackson, URL links or attachments encouraging you to open to view a video or read a report. Expect to see topics such as ‘Mr. Jackson being frozen for future re-animation’ or ‘Jackson still alive, it was all a publicity stunt’.
    • If you receive messages such as this, do not open the attachment or click on the link. Go directly to a trusted or reputable news agency for your information.
  • Be very cautious using search engines such as Google to find information about Farah Fawcett or Michael Jackson. Look carefully at where links in search results point to.
    • Update your browser to the latest version. Many of these malicious search link results will probably point at sites using browser vulnerabilities to automatically trigger and infect you. There is a dramatically reduced chance of this happening if you are running the latest browser versions.
  • Be wary of Twitter, Facebook, MySpace updates and the like, mentioning Jackson or Fawcett. Hackers are increasingly using social networking sites and user contribution (Web 2.0) sites for malicious purposes.
    • These messages may come from people you know but you should not automatically trust them. Hackers rely on you assuming that the message is safe because of who it comes from. Resist the temptation to click on these links. Do your own investigation or go directly to your friend’s social networking page to see what they are saying rather than following the link you were sent.
  • Blogs will be another popular tool for scammers. Expect to see links pointing to blog sites with wording directly related to the death of Michael Jackson or Farah Fawcett. Criminals use free blogging services to help promote links to their malicious web sites and improve search engine rankings when they are trying to manipulate their ranking on search results for a given topic. Be particularly wary of links on these topics that point to free blog hosting service websites.