The News Might Be Killing Your Computer

How Scammers Use Current Events to Infect Your PC
February 2010
by Robin Wark

When a big event happens – a natural disaster or the death of a celebrity – countless people head online to read the latest. Savvy cybercriminals have caught on to this and utilize the latest news headlines to their advantages.

"Cybercriminals use the natural human curiosity in newsworthy current events," said ParetoLogic security analyst Jean Taggart, a member of the company's Spyware Analyst Team (SWAT) "They manipulate search results, so that their infected links appear prominently in search results. The events act as a lure for unsuspecting web users."


By playing on what people are looking for most they increase their chances of installing a virus or other malware on your machine or tricking you into providing them with information for identity theft and fraud. For example, after the January earthquake in Haiti, the U.S.'s Federal Bureau of Investigation issued a warning to computer users to be wary of email and social networking messages asking for donations to charities and other good causes.

It appears that online criminals even felt for the fate of those in Haiti. In the United Kingdom, BBC Radio 4 reported that various banks were blocking some donations to the Red Cross and other charities. Why? Once your credit card number has been obtained by thieves, they like to test it. Often they do so by making a small purchase, but at times the criminals will actually make charitable donations. In this way they can ensure the card works and do not have to worry about any items to be delivered. The banks were concerned that people were being scammed so, following their protocol, they blocked donations that seemed suspicious.

Phishing schemes that use current events and social engineering to intrigue users to open email messages are also common. In a typical instance, the user receives an email from what is considered to be a trusted sources, such as a bank, government agency, charity or even a social networking site. Usually a link then takes you to what looks like an authentic website where it dupes you into providing confidential information that can be used for identity theft. Then the thieves use your information to commit fraud, such as using credit cards they have taken out in your name.

In March of 2009, the Australian government began a $42 billion stimulus package to try to jumpstart the nation's economy. As part of that, it doled out one-off bonus payments to taxpayers. Just days after the announcement, Aussies began receiving emails that claimed to be from agencies such as the Australian Taxation Office (ATO) and Centrelink. These messages said you needed to provide personal details to them in order to receive the payment. It was, of course, a scam.

Cybercriminals often use current events in an attempt to infect your computer with viruses, spyware, keyloggers and other malicious code. After the June 25, 2009 death of Michael Jackson, emails purporting to have the latest news, photo or work of the "Beat It" pop icon were sent out. They included links leading to unsavory websites that tried to install spyware, hijackers and other malware.

One of the most famous uses of this tactic was the Storm Worm. This Trojan horse was first discovered in January of 2007. It was delivered in an email with subjects lines that alluded to the European windstorm Kyrill, such as "320 dead as storm batters Europe." Less than a week after it was first discovered the Storm Worm was responsible for about eight per cent of the malware infections around the world.

Almost everyone is naturally curious about what is going on in the world. How can you protect yourself against these attacks? Taggart offered these tips:

  • Do not ever click links in any email messages. It is better to contact that organization directly.
  • Verify whether an organization you are interested in helping is legitimate. You could also stick to "big name" charities or local ones where you can drop off or mail your donation.
  • Be wary of people claiming to be victims or officials asking for money in email or social networking site messages.
  • Do not provide personal or financial information to people are soliciting donations.
  • When entering financial or confidential information look for the "padlock" icon on your browser. It signifies a secure website with an encrypted connection.

We all want to know what is happening in the wake of disasters, and we have a desire to help. Exercising a bit of caution will help ensure we actually are helping and not putting ourselves and our computers at risk.

Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries.