Editor’s Note: The following article is reprinted from the
Security Alert blog at
Internet crooks love to create attack sites and e-mails that use lures based on popular news items and Internet porn. When the two come together, as with the recent news of an
online “peephole” video of ESPN sportscaster
Erin Andrews, the malware is sure to swarm.
A clarion call from security blogs is warning about just that. Sites purporting to show the video will push a hapless horndog to install a required video player that is instead—you guessed it—malware.
The video player trick is another big favorite among those who make money from infecting PCs. And it doesn’t stop with PCs—according to a blog post from
Graham Cluely of Sophos, some attack sites hyping the Erin Andrews video will automatically check to see whether a visitor is using a Mac or a PC and launch a customized attack. The example he cites attempts to infect a PC with
Mal/EncPk-IF malware or a rogue antivirus app. Mac users get an
OSX/Jahlav-C Trojan horse.
As malicious video codecs and players are common attacks, it’s a very good idea to send any such download to
Virustotal.com for a comprehensive scan from multiple antivirus engines before double-clicking or installing it. Doing so won’t guarantee that you’ll catch every piece of malware, but it offers much better odds than just scanning with the one security program on your computer.
In addition to Sophos’ warning,
Sunbelt have also posted alerts about the surging number of piggyback attacks. And if you’re in the mood for some irony, watch the (presumably safe) video embedded in the
Sophos post about the danger of video-based Internet attacks.