CYBERSPACE—A covert video reportedly shot peephole-style and depicting ESPN reporter Erin Andrews undressing in a hotel room has all but disappeared from the internet, but rumors of the tape’s existence continue to fuel malware infections among the curious.
Antivirus firm Sophos is warning surfers to bypass links promising access to the video because many of the links lead to virus triggers cleverly implanted online by hackers.
“Hackers are no slacks when it comes to taking advantage of a hot internet search trend, and they have been quick to set up bogus web pages claiming to contain the video footage of Ms. Andrews in her hotel room,” Sophos’ Graham Cluley warned Saturday on the company’s blog.
Within hours of the video surfacing on YouTube and other video sites late last week, attorneys for both Andrews and ESPN began issuing takedown notices. The attorneys say they will take legal action against anyone caught distributing the video, which was shot on the sly.
“While alone in the privacy of her hotel room, Erin Andrews was surreptitiously videotaped without her knowledge or consent,” Andrews’ attorneys wrote in a prepared statement. “She was the victim of a crime and is taking action to protect herself and help ensure that others are not similarly violated in the future. Although the perpetrator or perpetrators of this criminal act have not yet been identified, when they are identified she intends to bring both civil and criminal charges against them and against anyone who has published the material. We request respect of Erin’s privacy at this time, while she and her representatives are working with the authorities.”
The legal threats have not stopped creative cybercriminals from luring the unwary through links in email, instant messages and search engines, however. According to Cluley, upon arrival at their destination, users are met with a message indicating their browser’s pop-up blocker has prevented the video from loading. They are encouraged to launch a “Live Video Player” by clicking on a link in the web page. In reality, clicking the link downloads and installs a Trojan on both PCs and Macs.
The Andrews video scam is the second such event this month. Following “King of Pop” Michael Jackson’s July 7 memorial, users who searched for images of the service found links that downloaded and installed malicious software on their computers.
Nate Solberg of custom computer manufacturer Nordic PC told MSNBC that Trojan horses are popular ways of delivering all sorts of nasty computer infections. The device is a brilliant example of social engineering gone bad: People gravitate toward the free and the illicit, only to be caught in a nightmare of their own making.
“A Trojan horse is the method of delivery,” Solberg said. “You think you’re downloading something useful, but it turns out to have a surprise. The payload can be pretty much anything. Most popular these days are botnets, which can take control of your machine and use it for denial-of-service attacks against other web sites, or to house pornography or distribute files illegally.”
Solberg said a message urging users to download a special video viewer often is a dead giveaway that the file they seek is at least infected with something they don’t want, if not downright fraudulent.