Natasha Richardson's death exploited by hackers, Sophos reports

March 19, 2009 Sophos Press Release

IT security and control firm Sophos is warning computer users keen to get the latest news on Natasha Richardson's death to be careful about which news story they read. Sophos has already seen compromised websites hosting content related to the award-winning English actress who died yesterday after suffering head injuries in a skiing accident earlier in the week.

According to Sophos, hackers have been creating malicious webpages and stuffing them with keywords, most likely through content scraped from legitimate news websites. By using content related to Natasha Richardson's death, the cybercriminals have made their attack timely and ensured that it will feature high up in search engine results, increasing the chances of unsuspecting victims visiting the site.

Natasha Richardson malicious webpage

"Cybercriminals don't waste any time jumping on the coat-tails of breaking news stories in their attempt to infect as many computer users as possible," said Graham Cluley, senior technology consultant at Sophos. "Speed is everything for these hackers - they know that more people will be searching for information about Natasha Richardson today than, say, in two weeks time. All computer users need to be on their guard against these attacks. One way to avoid falling into this trap is to visit an established news website rather than using a search engine which might take you to a keyword-stuffed site harbouring malware."

Sophos notes that if and when computer users do visit the compromised web links, a malicious script known as Troj/Reffor-A will run on their computers. This will then run a fake anti-virus product designed to scare users into making an unwise purchase.

Fake anti-virus products, also known as scareware or rogueware, are one of the fastest growing threats on the internet, and attempt to frighten users into believing that your computer has a security problem and that you should purchase a solution from the very people who have tricked you.

More information about this threat is available on Graham Cluley's blog.