Amy Winehouse scams jump from Facebook to emailby Steve Ragan - Jul 31 2011, 01:29
Singer Amy Winehouse was found dead in her North London home last week. Hours later, scammers used it to promote shocking videos on Facebook. Now, exactly one week after her death, the same fake videos are showing up as email attachments. This time however, it isn’t a survey. The attachments are Malware.
On Facebook, the scams started July 23. Users were greeted with wall posts promising shocking video taken just before the singer’s death, which actually delivered nothing more than links to various survey scams.
It’s a common tactic used to make fast money, as the data collected is often sold. Not to mention, the affiliate promoting the survey is paid per person each time it is completed. As these junk posts are accessed, users end up spamming their friends with the same message, causing the scam to spread.
On Saturday, The Tech Herald noticed an email using the same subject as one of the Facebook scams reported last week by Sophos. [Source]
The message, with content that is “for 18+ only”, promises footage of Winehouse just before her death. The email contains a password protected Zip attachment, which is said to download the video.
[Image via Sophos]
This new campaign will install a nasty bit of Malware called SpyEye. SpyEye can capture stored information on an infected host, including data from email applications, FTP applications, and browsers. The keylogger can capture instant messenger traffic, as well as information entered into forms via Internet Explorer and Firefox.
All of this comes in addition to the ability for an attacker to install other malicious software, or launch spam and DDoS campaigns using the infected host. Recently, SpyEye gained some weight, as it now includes core functions from the infamous Zeus family of Malware.
Strict detection of the executable included with the malicious email is low. [VirusTotal]
However, behavioral detection included with many anti-Virus offerings are likely to detect SpyEye the second it starts to install. So it's a good idea to ensure that security software is kept updated.
However, the best protection is to ignore sensational emails that appear out of the blue, and stick to established news sources when it comes to coverage of an icon’s tragic demise.