What is that old cliché about publicity now? The essence seems to be that all publicity, whether positive or negative, is good — good for celebrities but a different thing altogether for Web users, as gossip could lead them to malware.
TrendLabs reported two months ago of a malware operation that took advantage of Yahoo!’s redirection services and pointed users to malicious Web sites. The social engineering technique was the center of gossip during the time: Britney Spears.
The style seems to not have waned as even now celebrities are still being used to lure users to malicious sites, where malware is downloaded into their systems. The following is a screenshot of a spammed email message with a malicious link that would look irresistible for those interested in celebrity gossip:
Britney Spears this time was replaced with another media hound: Nicole Richie. The subject of the spammed mail promises users of a pornographic video supposedly featuring Richie. The observant would notice, however, that the details in the email mention another celebrity: Penelope Cruz. While Cruz is not really in the same league as Britney and Nicole, the supposed graphic content of the “video” in the email would make her still an effective bait for those who might want to “see and find out.”
Users who click the link are redirected to this Web page:
A video would seem to be downloading here but this screen in fact just defers user discovery of malware infection. Trend Micro is still analyzing the malware involved in this spamming activity. Users are still advised not to let curiosity get the best of them.