Our Cup Runneth Over with Farrah Fawcett Files and Michael Jackson Malware


With the sad news circulating the globe that 70s sex symbol, TV pitchwoman, and former Charlie’s Angel Farrah Fawcett passed away this morning, it didn’t take long for the malware vultures to execute their attack.

Beginning in the afternoon, our Proactive Research team began finding tons of pages that purportedly offered a Farrah Fawcett poster or photo for download. What you got when you clicked the link, which looks suspiciously like a video player (not a static image), was, you guessed it, a load of junk.

Interestingly, hovering the mouse over the video link causes the browser to display a “preview image” that looks awfully like Google’s front door. But clicking the link to the video brings you to yet another page with something that looks like a video player, and only when you click that link do you end up with an executable on your desktop.

Few antivirus companies have the malware in their definitions. We’re identifying the files pulled down by the Fawcett installer as Trojan-Cognac (they leave, shall we say, a distinctive aftertaste), as well as Trojan-Zoeken and Adware-Sabotch. Zoeken is a nasty downloader, which brings down all kinds of badness on an infected system, and Sabotch tends to tout those wonderful rogue antivirus products we all love so much.

So far, the Fawcett-related malware is all coming from fake pages set up on blog site Vox.com. Until they clean up this mess (which I imagine will be fairly time consuming, as new ones keep popping up), don’t follow any search links headed in their direction.

And this afternoon, as rumors began to circulate that Michael Jackson was ill in hospital, the jackals pounced on that bit of news. More on that in the next post.

