Hackers disguise malware as Google News report of baseball death

Filed Under: Google, Malware

Baseball player John C Odom became known to millions across America last May after he was traded for ten maple bats.

Tragically, the 26-year-old died from an accidental overdose of drugs and alcohol late last year.

This news has only just become widely known after the mainstream media stumbled across the story.

So, how is this a relevant topic for this blog? Well, heartless hackers have set up a website pretending to be a Google News search result about John Odom's death, which installs malicious software onto your computer.

John C Odom search results

In the above graphic showing search results for John Odom's name, sent to me by Clu-blog reader Pete, you'll see that squeezed between two legitimate news reports from the Chicago Sun-Times and the Seattle Times is a link to a site called news.google.com7newspapers.[censored]

Clu-blog reader Pete, who brought this piece of malware mischief to my attention speculates that the hackers are using a 7 in the domain name because it looks like a /. In other words, the hackers are hoping that people will mistake the link for a genuine report on Google News rather than a website hosting a piece of malicious code.

Because if you do visit the page you'll find a Trojan horse called Troj/Reffor-A is downloaded to your Windows PC.

Of course, many people interested in the story of John C Odom's tragic end may click on links without noticing that they are attempting to disguise their true nature. No doubt we will see many more examples of hackers leaping on to the latest hot terms searched for on search engines in their attempt to infect as many computer as possible.

Customers using the Sophos WS1000 Web Appliance will find that the website hosting the code is blocked as Mal/BadRef-A.

Credit: Thanks to Clu-blog reader Pete for bringing this to my attention. You can see a larger version of the graphic and some commentary on his Flickr page.

, ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.