The news coverage around celebrity deaths has been extensively highlighted but a new tactic seems to becoming popular.
Symantec's Mayur Kulkarni claimed that malicious spam is now luring victims not in regard to the deaths of the likes of Michael Jackson, Patrick Swayze and Natasha Richardson, but those celebrities who have not actually died at all.
He said: “Strange stories of celebrities have suddenly erupted in the spam ring, which describe their deaths in plane crashes or car accidents. The intention of distributing such false news is to spread viruses using HTML or zipped attachments. This is one more in a series of recent virus attacks seen in the last few weeks.
“This is an old trick of using celebrity names to lure recipients into opening malicious URL or attachments. In one of the campaigns seen, spammers are using subject lines showing that a celebrity has died.”
Among the celebrities named as receiving a visit from the Grim Reaper are Beyonce Knowles, Brad Pitt, David Beckham, Jay-Z, Jennifer Aniston, Miley Cyrus and Tiger Woods. Almost a year ago, rumours began to circulate that rap star Kanye West had died, leading to malicious links appearing on the first page of Google searches. Last week McAfee named Cameron Diaz as the most dangerous celebrity in cyber space, as searches on her are most likely to run into online threats.
Kulkarni said that in the message, it states that the celebrity has died, along with 34 other people when their plane carrying the group on a trip crashed into a mountainside while approaching the airport. For further details, recipients are asked to open the malicious attachment.
In another example, the subject lines were changed to show that the celebrities had a fatal car crash and they were killed in that accident.
On opening the zipped attachment there is an executable, detected as Trojan.Zbot by Symantec.
“Spammers are known to create curiosity in their spam messages so that users get interested and make an attempt to open and, perhaps, install the executable. Doing this using brand names such as well-known news agencies or using a celebrity name gives them the much-needed credibility in order to gain trust in the recipient's mind,” he said.
However it is not just rumours of celebrity death that are catching the attention of the gossip-hungry, Sophos senior technology consultant Graham Cluley identified a new threat on Facebook which is luring users into viewing photos of a ‘football player and an underage prostitute'.
In a survey-based threat similar to the Disney page identified earlier this year, it promises to show photos of the alleged incident, undoubtedly jumping on the bandwagon of England striker Peter Crouch's rumoured incident with Algerian prostitute Monica Mint.
Cluley said: “With the British media obsessed with football, WAGs and sex scandals - it's no wonder that the story has been making plenty of headlines.”
The page lures users in with a headline of ‘OMG.. This England Football Player Got CAUGHT F**KING A UNDERAGE PROSTITUTE!' with ‘shocking' photos promised of the ‘disgusting' incident with a girl who apparently ‘looks about 13'.
If a user clicks on the link they are invited to share the message with their Facebook friends (thus spreading the message virally) before being allowed to see the photos. When a user finally thinks they are going to see the photos they are instead taken to a series of online surveys, allowing the cyber criminals to earn money in the form of commission by tricking people into taking the surveys.
Cluley said: “If you do manage to make it past the survey (and I would question why you would do so) you'll ultimately be taken to a story published on the British tabloid The News of The World's website yesterday, covering the latest gossip about Peter Crouch's love life, and topless pictures of Monica Mint. (By the way, she's reported to be 19 years old - so not underage in most countries, including Spain and the United Kingdom).
“But, of course, you didn't have to complete the online survey to see the story of Peter Crouch's shenanigans. You could have just visited The News of the World website instead. But that would have deprived the scammers of some revenue.
“I've informed Facebook of the scam, and hopefully they will shut it down shortly. In the meantime, Facebook users would be wise to think twice before ‘liking' or ‘sharing' pages in order to see the oft-promised ‘sensational' or ‘shocking' content'.”