Tiger Woods car accident exploited by hackers

November 30, 2009 Sophos Press Release

IT security and data protection firm is warning computer users keen to read the latest developments in the story about the Tiger Woods car accident that they may be walking straight into a trap set by hackers.

Sophos discovered that hackers were not slow to take advantage of the breaking news story, and by early Saturday morning had created webpages which claimed to contain video footage related to the incident, but that were really designed to spread dangerous malware.

Malicious webpages containing content related to Tiger Woods accident

By using content related to the top golfer's mysterious car accident and his alleged relationship with New York party girl Rachel Uchitel, the cybercriminals have made their attack timely and ensured that it will feature high up in search engine results, increasing the chances of unsuspecting victims visiting the site.

"The Tiger Woods story has been one of the top news stories around the world this weekend, and search engine statistics show that many people have been hunting for developments via the web. Hackers don't waste any time jumping on the coat-tails of a hot news story like this, in their attempt to infect as many computer users as possible," said Graham Cluley, senior technology consultant at Sophos. "Foolhardy internet users who believe they are about to watch video footage related to Tiger Woods's current troubles may find the website is trying to surreptitiously install a Trojan horse onto their computer, handing control over to cybercriminals."

Sophos notes that if computer users do visit the poisoned webpages, a malicious Trojan horse known as Troj/Proxy-JN can be installed on their computers, allowing hackers to relay spam via the victim's PC without their knowledge.

"This is a threat both for home users and companies. Many people may return from the weekend and use their office PCs to find out the latest news this morning - only to have their computers silently infected," continued Cluley.

More information about this threat, including images of an infected webpage, is available on Graham Cluley's blog