Hackers exploit Oscars to spread scareware attack, Sophos reports

Sophos Press Release

Movie-lovers at risk of infection from fake anti-virus traps

IT security and control firm Sophos is warning that hackers are exploiting interest in last night's Oscar film awards ceremony to infect the computers of unsuspecting computer users.

Movie-loving internet users are searching the web for information and gossip about the Academy Award winners, making phrases like "Oscars Winners" one of the most commonly searched for phrases on the internet. However, using SEO (search engine optimisation) techniques, hackers have created webpages stuffed with content which appears to be related to The Oscars - but are really designed to infect visiting computers.

Malicious Oscar-related search results

"Many people won't have had the chance to watch The Oscars live on television, and so turn to the internet for news on whether their favourite film won an award or not - but careless clicks can lead to a malware attack," explained Graham Cluley, senior technology consultant for Sophos. "Hackers have created poisoned pages that appear on the first page of search engine results, tempting users to click on them. However, if you visit the links you can expect to see bogus warnings that your computer is infected with viruses, that try and trick you into downloading dangerous clean-up software or handing over your credit card details. Scareware or fake anti-virus attacks like this are an increasingly common weapon in the armoury of cybercriminal, jumping on the coat tails of breaking news stories."

Oscar scareware

Sophos detects the attacks as Mal/FakeAVJs-A and Troj/FakeAV-AXS. Users are advised to be cautious about the links they click on and ensure that they are running up-to-date anti-virus protection.

"Cybercriminals lover launching SEO attacks because they've proven to be so successful at hitting unsuspecting users," explained Cluley. "Visiting mainstream news websites for breaking news might be a lot safer for users than stumbling across dangerous pages carrying traps laid by hackers."

Further information about the attack can be found on Graham Cluley's blog.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.