Hackers Find New Opening With 'Lost' Finale


Fans of the hit ABC series "Lost" this week are stumbling onto a slew of bogus antivirus software scams that are using the much-anticipated series finale as a lure to rip people off and spread the very malware they falsely claim to subdue.

According to Panda Security, a flurry of socially engineered malware campaigns are using fake Web sites to distribute MySecurityEngine, a fake antivirus application that attempts to trick users into buying security software to remove nonexistent threats from their smartphones and PCs.

Along with the scareware come-on, MySecurityEngine also keeps users from accessing certain search engines, legitimate security apps and modifies the searcher that is displayed in the "Search" option of Internet Explorer browsers.

PandaLabs said some of the most common keyword searches leading to this latest malware trap include "Lost New Episode Stream," "Lost New Episode Guide" and "Lost New Episode Tonight."

"The Web sites displayed have nothing to do with the search carried out," Panda Security researchers wrote in a blog posting. "Instead of it, an image that seems to be 'MyComputer' is displayed with an alert message of infection after having scanned the system."

Malware purveyors aren't limiting their black hat search engine optimization (SEO) scams to the "Lost" finale. Panda Security is also seeing a spike in similar cons related to the death of Ronnie James Dio, the former lead singer of metal bands Rainbow and Black Sabbath, as well as previews of other popular TV shows, such as NBC's "Friday Night Lights" and MTV's "The Hills."

The story was much the same following the death of pop icon Michael Jackson, which provided a nice boon to cyber crooks, and will certainly escalate in the next few weeks leading up to the 2010 World Cup soccer tournament.

Panda Security officials are advising people to avoid clicking on any links contained in unsolicited e-mails, keep a close eye on the URLs they visit and generally anticipate that any breaking news or mass media event will surely usher in a ton of leeching malware sites.

"What continues to surprise us is the speed with which the numerous Websites are created and then indexed and positioned on the Internet," Luis Corrons, PandaLabs' technical director, said in the advisory. "As the screening of the final episode of 'Lost' approaches, we expect the number of malicious links to double or triple."

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.