There has been a good deal of talk online about the alleged death of actor and heartthrob Johnny Depp; however, the fake news page was only the start. As soon after the rumor started to spread, criminals jumped on the trend in order to push Malware to those looking for information. Here’s a breakdown on the hoax and other additional details.
The Johnny Depp hoax and spotting similar false reports:
The Johnny Depp hoax started with a CNN news item posted online and circulated with various links. The common thread is that the initial report started with a page hosted on Angelfire, and from there several aggregator services picked up on related chatter related.
In part, the news item read:
“BORDEAUX, France (CNN) -- Johnny Depp's car was found alongside a road outside Bordeaux, France, with the guard rail embedded deep inside the car... A tourist was driving down the road when he saw a car wreck alongside the road... The police arrived at the scene shortly after and pulled out the body of the former actor, Johnny Depp.”
Images taken from the hoax article and the main page of the Angelfire site are posted below.
The first thing to note in the images is the look of the CNN site. For those who regularly visit the CNN domain, this stands out instantly as a very old design. The second note is the date of March 25, 2004. Another interesting aspect is that this CNN design has been used several times in the past for other fake celebrity death reports including the likes of Brad Pitt, Eminem and Tom Cruise. The item likely to change is the photo from the accident site.
Another item of note in the report is the misspelling of various words and phrases, such as alcohol, which you see in the article as: “The police suspect that alcohal [sic] was the cause of the accident.”
Each of these things should raise red flags that the entire story is false. This recent hoax, and others like it, all share many such warning signs and, with some practice, are easy to spot. However, fans will tend to crowd around devastating news, and this is where the criminal element comes into play.
The criminal element:
The criminals who took the Johnny Depp death hoax and ran with it are doing two things:
The first is spreading the news from its original source on Angelfire to other places online. They are spreading the news through one-off blog posts, forum posts, and comment sections. From there, the massive flood of news based on the supposed death of a celebrity lends creditability to the core story in the eyes of the uninformed public -- because, if dozens of sources are running with it, there must be some truth to it.
Once the number of sources starts to spread, the criminals can use back links to position malicious websites within both search results and news aggregation feeds, such as those mentioned by Sophos when it pointed out buzzfeed and mixxnews.com. Those two aggregation sites were linking to pages rising in rank because of the number of places citing them when talking about Johnny Depp's apparent demise.
To the end user, what happens is that these links spread to search engines and RSS feeds. Once accessed, some of the sites offer “new information” and “video evidence” gathered from the accident. The videos all need a special codec to play, which they gladly offer. Just as it is with similar codec requirements, once the offered .exe is installed, the host system becomes compromised. This is the final step in the two-prong approach taken by the criminals.
Nothing to see here… move along!
The malicious sites and SEO poisoning linked to the reported death of Johnny Depp is nothing new. This is the same trick and scheme used several times in the past year with Malware coming up on searches related to Michael Jackson, Tiger Woods, the earthquake in Haiti, and other high-profile events.
The criminals know that fans will always run to the Web to search for more information when there is tragedy or gossip related to someone they take interest in. The best protection is to stick to trusted sources. If it's celebrity news you seek, numerous specific sites offer regular scoops -- and none of them reside on Angelfire’s servers. Use caution when following links from news aggregation sites, especially ones full of ads and seemingly unrelated topics.
It goes without saying that the other level of protection comes from fully patched system software (browsers and operating system patches, and software like Adobe Reader, for example), and current anti-Virus software.