Malware creators love a juicy news story

Malware creators just love a news story that has the perfect ingredients: a leading brand name, a prototype phone and a thriving IT community just dying to hear what the latest gadget is going to be.

One Apple employee, named as Gray Powell, was unfortunate enough to forget his iPhone behind him after spending an evening in the company of friends and a few beers. Nothing new there, after all people leave mobile devices behind them with increasing frequency. The only problem for the poor young man was that his was a prototype for the next generation of the iPhone.

Ouch!

Now that is one heck of a story and juicy enough for techies eager to learn more about this guy’s mishap and, more importantly, what the next iPhone will look like. Unfortunately, it’s also a hot item for malware creators who see these ‘celebrity’ stories as fantastic opportunities to distribute their malware to people whose fingers click on links faster than they can read them.

Using Google’s hot trends page and generating pages containing malware, they then use SEO to get their pages as high up in Google rankings as possible, hedging their bets that users will click on the links without paying too much attention to the URL.

According to blogger Bogdan Calin, four out of 10 results from a Google search for ‘Gray Powell’ turned up links to malware-infected websites.

This is a technique that has been used often in the past. The death of Michael Jackson saw hundreds of infected links popping up in Google searches and many fans of the Twilight series were tricked into downloading what they believed was a full online version of the film.

The modus operandi, however, is the same. Clicking on the link results in a pop-up warning the user that his or her machine is at risk of infection and a recommendation to check the system. As soon as they click ‘ok’ or ‘clean’ or ‘proceed’ (depending on which rogue-ware is being distributed), the malware creates a report – that looks perfectly genuine – of the infections found on that machine.

Concerned users then download the fake anti-virus software to ‘clean’ the infection. There are different variants of the malware and each one is a nasty piece of work. To remove the malware, especially those of the fake AV variety, the creators request payment by credit card.

A nasty piece of work indeed.

Infection with malware can be avoided if users paid more attention to the URLs and not just the title and description. Having the latest anti-virus definitions and anti-malware software is also important.

Businesses would also do well to use web filtering and web security software that would automatically block the links before the malware can be downloaded. Filtering of http traffic is a must today because the majority of threats are web-based.