Sick hackers exploit Sea World Killer Whale attack to spread malware, Sophos reports

Sophos Press Release

Scareware lurks behind websites claiming to contain video footage of death

IT security and control firm Sophos is warning that hackers are exploiting interest in the death of Sea World animal trainer Dawn Brancheau, who was killed after being attacked by a killer whale.

Ghoulish internet users are searching the web for photographs and videos of the death, which happened yesterday during a public show at Sea World, Orlando. However, by using SEO (search engine optimisation) techniques, hackers have created webpages stuffed with content which appears to be morbid video footage of the animal trainer's death - but are really designed to infect visiting computers.

"It's hard to believe that anyone would want to watch video footage of this horrible death, but it's currently one of the very hottest search terms on the internet," explained Graham Cluley, senior technology consultant for Sophos. "These poisoned pages can appear on the very first page of your search engine's results, and if you visit the links you may see pop-up warnings telling you about security issues with your computer. These warnings are fake and designed to trick you into downloading dangerous software or handing over your credit card details."

Sea World killer whale malicious search result

Malicious search result for Dawn Brancheau

Sophos advises that scareware or fake anti-virus attacks like this are an increasingly common weapon in the armoury of cybercriminals. The same tactic has been used after the high profile deaths of others, including Natasha Richardson, Patrick Swayze and Boyzone's Stephen Gately.

Sophos detects the malware as Mal/FakeAV-BW, and users are advised to be cautious about the links they click on and ensure that they are running up-to-date anti-virus protection.

"You could argue that anyone hunting for footage of this horrific accident deserves everything that's coming to them, but the real sick ones here are the hackers who are trying to profit from the death of an innocent woman in a tragic accident," continued Cluley. "The general public would find it much safer to get their news from established news outlets rather than any Tom, Dick or Harry website on the internet. There are simply too many cybercriminals out there waiting to trip up the unwary."

Further information about the attack, including images of the malicious search results, can be found on Graham Cluley's blog.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at