What is it with Paris Hilton these days? Just this week we’ve seen several pictures of the celebrity in a spam run that is yet again pushing rogue AV.
Although we’re quite familiar with the social engineering technique involved in name-dropping celebrities in order to pique more interest (and therefore hits), the last celebrity we’ve seen in the run was Angelina Jolie — around the time of the release of the movie Wanted, in which she starred.
These spammers are apparently in touch with the pop culture scene, as Paris followers (and naysayers) from all over the world are by now intimately familiar with that viral video where Paris says, “I want America to know that I’m, like, totally ready to lead.” This was in answer to the John McCain ad in which a clip of his opponent Barack Obama was placed between footage of Paris Hilton and Britney Spears, implying that Obama is merely a celebrity.
Figure 1. Spammers play off off-beat mainstream news.
Trend Micro Advanced Threats Researcher Jamz Yaneza tells us that tempted users who open the message will find any of the following URLs in the message body:
While we are indeed detecting a trend that rogue AV programs have been having a field day in the past few weeks, the volume of unique Paris-related spam-for-rogue-AV attacks and the actual victims (a big chunk of whom are from North America, based on our Virus Tracking Center) say that this particular social engineering technique does click.
Never mind if the spam doesn’t make sense…
Figure 2. Paris spam pushing rogue AV, sample 2
…isn’t even remotely sensational…
Figure 3. Paris spam pushing rogue AV, sample 3
…or just too good to be true.
Figure 4. Paris spam pushing rogue AV, sample 4
All URLs and spam mail mentioned above are already blocked by the Smart Protection Network.
Recent reports of rogue AV in the blog:
- Malicious Russian-Georgian Spam Uses .ZIP Password
- A Million Search Strings to Get Infected
- Fake Antivirus Trojans Ramping Up