O.J. Simpson Guilty Verdict Could Lead to Malicious Spam

Users should be on guard for spam touting the guilty verdict of former professional football star O.J. Simpson, a security company warned today.

“Anytime there’s a big news story, spammers latch on to it to get people to click on a link and download their malware,” said Sam Masiello, vice president of information security at MX Logic Inc.

Although MX Logic has not yet spotted any Simpson-related spam, Masiello said that company researchers have found evidence of an impending campaign. “We’ve seen poisoned search results on [Microsoft Corp.’s ] Live Search that lead to some Live Spaces hosting fake video codecs,” said Masiello. The tactic, dubbed “search engine poisoning,” is frequently used alongside malware spam.

Hackers try to dupe search engines into ranking malicious sites at or near the top of the results list by flooding blogs and message boards with bogus entries added by automated bots. “They’ll use anything they can to pump up the search engine results,” said Masiello.

The most likely Simpson spam strategy would resemble the massive August campaigns that lured users to malware-hosting sites by promising video clips from the CNN and MSNBC cable news channels, Masiello said. At the time, criminals tricked people into downloading attack code by telling them that the file was a codec required to play the video.

“Based on the results we’ve already seen, I think [a spam campaign] is pretty imminent, and very likely,” Masiello added.

O.J. Simpson, 61, was found guilty late last Friday by a Las Vegas jury on multiple charges stemming from the armed robbery of two sports memorabilia dealers in 2007. The verdict was handed down 13 years to the day after Simpson was acquitted of the murders of his former wife, Nicole Brown Simpson, and her friend, Ronald Goldman.

Simpson, scheduled for sentencing Dec. 5, faces life in prison.