Shakira, the “Hips Don’t Lie” superstar and mentor/judge for The Voice singing competition, is dead after a fatal car accident took her young life.
Err…actually that’s not true. The Colombian singer is actually alive and well—but consumers may have gotten an email or two stating otherwise.
The mails are of course socially engineered bait to get users to open an attached Microsoft Word document, containing a malicious macro.
Posters at Hoax Slayer said that the gambit is making its way around the internet in the form of a Spanish-language email that says that Shakira's manager was driving the car—she died, while he sustained grave injuries. The attachment promises exclusive images and further details about the accident.
As Dynamoo uncovered, opening the attachment actually loads a document asking users to change their Office security settings to enable macros—and once that’s done, then the macro downloads additional malware.
“This malicious document has a VirusTotal detection rate of just two out of 54,” Dynamoo researchers said. “According to an analysis of the document, it then appears to download additional components from an insecure Joomla site.”
As always, users should be wary of any unsolicited mails; phishers and malware-pushers always sense an opportunity whenever something or someone is popular. Recent lures have included the royal baby last year, Luis Suarez’ famous World Cup chomp, The Malaysian Airlines tragedies, and even the Ebola hemorrhagic virus.
The ongoing epidemic in West Africa is the most recent that has piqued people’s interest globally. Symantec has accordingly identified a new spam-and-scam push that uses news of the Ebola virus to power three malware operations and to social-engineer a phishing campaign.