Fake celebrity websites infect the unwary with malware

by Michael Smith

By all rights and also to all intents and purposes, using fake websites as a malware attack vector should have died out long ago.

Rather than dying, however, those attacks initiated through phony celebrity websites have continued to grow and expand. This is possibly because their intended victims – the celebrity-obsessed among us – either do not have an abundance of brains or a basic knowledge of how computers and the Internet actually work. One could probably assume that in the majority of the cases both would apply.

According to recent data from McAfee, a leading anti-virus program vendor and research company, an Internet user searching for a range of Brad Pitt-themed items, say wallpapers, screensavers, photos, and the like, has, on average, an 18% chance of running into malware in one form or another. Such malware is often served up by a "fake" celebrity website the primary purpose of which it is to push Trojans and worms onto the desktops of the unwary. These websites differ from standard malware landing pads, inasmuch as they try to appear as a legitimate source of news.

In order to create such sites, malware authors rely on an ever-changing list of "hot" celebrities. The turnover rate is fairly high – Paris Hilton was the most dangerous celebrity to search for in 2007, but doesn't even make the top 20 this year, while Britney Spears, which was #4 in 2007, is also missing in action.

This year, 2008, Brad Pitt, Justin Timberlake, and George Clooney are the top three dangerous male searches, and come in first, third, and ninth on McAfee's list and for the women we have Beyonce in first place, followed by Heidi Montag and Mariah Carey. I must say that, personally, I am not even sure who they are; the women, I mean.

McAfee's findings suggest that these sorts of searches are quite common, both at home and in the workplace. Aggressively searching such content while on the job is almost certainly against an employer's rules, even in a company with a fairly lax Internet policy, but that doesn't change the fact that such searches occur, and could expose company systems to any number of attacks. One form of damage control would be to present users with a list of verified "clean" news websites and encourage them to use these for news on any number of topics. Corporate policies that tacitly encourage non-work-related web use aren't going to find a warm reception in the boardroom, but practical advice on where to surf might do more to solve the problem than attempting to beat a basic understanding of the problem into employees' heads.

All of the usual rules about using an up-to-date virus scanner, avoiding suspicious-looking URLs, and not opening an unknown program just because a web browser shoves it in your face still apply, but in this case, the best protection is simply not to look. There are plenty of celebrity websites that make it their mission to stay right on top of the latest rumor, photo, or scandal, and they do so without serving up a healthy portion of Storm Worm on the side. If nothing else, try to remember that you don't actually need Brad Pitt wallpaper or a screensaver featuring outtakes from the Chinese movie My Wife is a Gambling Maestro. When in doubt—heck, even when not in doubt—it's best to stay away entirely.

Searching for desktop items such as Brad Pit screensavers of the like is not a recommended pastime whether or not you have all the relevant anti-virus protection even.

Aside from relying on the unwary to search for celebrity items the distributors of malware also try to trap the news hungry with fake news, such as “Third World War has started”, “USA has attacked Iran”, “Iran has sunk US aircraft carrier”, and similar. I am sure they will not cease to come up with new stuff. Invariably those attempts come via email with links in them which the recipient is meant to click on. He or she will then end up on a website specially created for the sole purpose of distributing this or that Trojan or worm.

News can be had from such a large variety of legitimate main stream and underground news sources – via RSS feed – that no one has to even go as far as opening such emails and clicking on the links therein. If the BBC or the CNN sites are not running it then it has not happened, such as an attack or such, we can rest assured of that. No need to fall prey to the virus distributors.

Whether fake celebrity sites or fake news sites as malware attack vectors, in most cases than not, aside from the above mentioned search for celebrity-themes items, are initiated by a spam email to the recipient. This should already have all possible alarm bells ringing and anyone with an ounce of brain should delete such mails without opening them.

The most dangerous thing on the Internet, and I have written about that before, is the unsecured PC and the user who has no idea what he or she is doing. This is how the spam and the viruses are being circulated.

Have proper anti-virus software (you do not have to pay for it to be secure) that is updates at least once a day. The same for spyware blasting programs – one is in fact called Spyware Blaster – and also have a browser that does not automatically download anything. Internet Explorer's greatest fault is that it just does that; any script and such it encounters and any .exe file it automatically downloads and runs. Use Firefox, for instance. It has a download manager that will ask you what you want to do with the file you have chose to open/download and, obviously, if you have not chosen to open/download anything directly it gives you the choice to cancel it. It is then high time to hightail it out of that site and, for safety, run a full systems check – just in case.

Without the gullibility of so many users and also the fact that so many just do not have the understand of how computers and the Internet work and how, and that despite us all telling them, viruses and such are being spread, such malware sites and spam would have ceases a long time ago.

If everyone would but listen and heed the advise that magazines and websites such as that of the ICT Review here give such malware would by now be either non-existent or very much diminished and would be headed for extinction; all of it.

Alas, as long as there are users out there who do think they know better and such we will continue to be plagued by this.

© M Smith (Veshengro), September 2008