G DATA Software AG: Antivirus, Virenschutz, Virenscanner, Internet Security

Bochum (Germany), 18 September 2008 - The beautiful and the rich do not only fill the pages of the gossip magazines, they are highly favoured as lures in spam mail for distributing malware. The scam that the cyber criminals are using in this way is both simple and successful: in breaking news spam, the criminals promise exclusive news, videos or photos of stars and celebrities from showbiz and politics. Embedded links lead to prepared websites, which offer malware to download. One incorrect click and another computer is contaminated with backdoors and spyware. But which celebrities are preferred by the criminals? The experts at G DATA Security Labs wanted to know exactly and analysed captured spam from the point of view of the celeb factor. The result: the most dangerous worldwide spam celebrity is Angelina Jolie! Almost every fifth spam, phishing and malware mail had something to do with the beloved Hollywood star.

"The Storm botnet mob have shown how the latest events are used to improve the efficiency of spam, phishing or malware mail. Unfortunately, this concept has been taken up by online criminals and further developed so that celebs have been used for a long time as crowd-pullers. At the start of the analysis, we assumed that the criminals were using the list "100 Sexiest Women In The World 2008", as complied by the American FHM magazine. This assumption proved false. Much more important is the media presence of the person. The more frequently a celeb appears in tabloid newspapers, gossip magazines and lifestyle media, the more frequently their name is misused in spam mail. The most impressive result of the last seven weeks: almost every fifth paparazzi spam had something to do with Angelina Jolie and promised revealing videos or news about the Hollywood star," explains Ralf Benzmüller, manager of G DATA Security Labs.

Top five decoys

The celeb cases
The criminals‘ scam has remained unaltered for a considerable time: they send out millions of spam emails with links to websites that promise revealing videos, the latest gossip, sensational news about celebs and persons in the latest news. Unnoticed by the user, malware is then installed on his PC after the website has been called up using so-called drive-by-download. Trick number two: to correctly playback videos, the victim is invited to install special codecs. Instead of the hoped for "breaking news" or blue movie, malware is installed, which likewise attempts to take over the computer and bind it into a botnet.

Methodology used in the analysis
G DATA Security Labs operates so-called spam traps, which collect millions of spam mails on a daily basis. Spam traps are special email accounts, which are not used by real persons and are solely designed to capture spam. Starting on 28 July 2008 (week 37), the experts captured emails over a period of seven weeks and matched them with the names of prominent persons on a week-by-week basis. The emails in which the celebrities were promoted, could be identified based on certain characteristics, which are independent of celebrities‘ names. In the resulting emails the subject line and text of the mail were searched for more than 300 persons and their occurrences counted.