Hackers exploit Oscars to spread scareware attack, Sophos reports

March 08, 2010 Sophos Press Release

IT security and control firm Sophos is warning that hackers are exploiting interest in last night's Oscar film awards ceremony to infect the computers of unsuspecting computer users.

Movie-loving internet users are searching the web for information and gossip about the Academy Award winners, making phrases like "Oscars Winners" one of the most commonly searched for phrases on the internet. However, using SEO (search engine optimisation) techniques, hackers have created webpages stuffed with content which appears to be related to The Oscars - but are really designed to infect visiting computers.

Malicious Oscar-related search results

"Many people won't have had the chance to watch The Oscars live on television, and so turn to the internet for news on whether their favourite film won an award or not - but careless clicks can lead to a malware attack," explained Graham Cluley, senior technology consultant for Sophos. "Hackers have created poisoned pages that appear on the first page of search engine results, tempting users to click on them. However, if you visit the links you can expect to see bogus warnings that your computer is infected with viruses, that try and trick you into downloading dangerous clean-up software or handing over your credit card details. Scareware or fake anti-virus attacks like this are an increasingly common weapon in the armoury of cybercriminal, jumping on the coat tails of breaking news stories."

Oscar scareware

Sophos detects the attacks as Mal/FakeAVJs-A and Troj/FakeAV-AXS. Users are advised to be cautious about the links they click on and ensure that they are running up-to-date anti-virus protection.

"Cybercriminals lover launching SEO attacks because they've proven to be so successful at hitting unsuspecting users," explained Cluley. "Visiting mainstream news websites for breaking news might be a lot safer for users than stumbling across dangerous pages carrying traps laid by hackers."

Further information about the attack can be found on Graham Cluley's blog.