Michael Jackson Death Exploited by Malware Vendors [WARNING]

Spammers, unscrupulous marketers, and hawkers of malware have no shame. Apparently looking to capitalize on the incredible demand for news and information about Michael Jackson in the wake of the pop icon’s death, spammers are attempting to spread malware under the guise of Jackson-related content.

Online security firm Websense reports that spammers are sending emails that purport to offer links to exclusive video and photo content. But in reality, the links, if followed, ultimately install malware on the user’s computer. Between demand for the news and the tricky way that this particular scam operates, it’s easy to see how at least a novice Web user could fall for it.

From Websense:

“The spam email appears to offer a link to a YouTube video, but instead sends the recipient to a Trojan Downloader hosted on a compromised Web site. The file offered is called Michael.Jackson.videos.scr (MD5: 664cb28ef710e35dc5b7539eb633abca). This file is located on a legitimate Web site hosted in Australia belonging to a radio broadcasting station. Upon executing the file, a legitimate Web site at http://musica.uol.com.br/ultnot/2009/06/25/michael-jackson.jhtm is opened by the default browser in order to distract the user by presenting a news article for them to read.

In the background, three further information-stealing components are downloaded and installed by the malware. One of the downloaded files is called michael.gif, which has low AV detection rates – see VT results here. The malware then installs a malicious BHO that is registered with this file %windir%Dynamic.dll and this GUID {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}. Another component is bound to startup at %windir%system32kproces.exe. Another malicious file installed by the malware is %windir%system32fotos.exe.”

Of course, the easiest way to avoid this scam is to not follow links from people you don’t know, though, with malware, occasionally the malicious software is able to gain access to a victim’s address book, further complicating the issue. So far, we haven’t seen any attempts to attack Twitter’s trending topics – which are still dominated by Jackson-related news and memories – but it wouldn’t be surprising in light of other recent threats.

If you’ve been noticing any scams floating around, please add them to the comments and we’ll update here with alerts.

Update #1: Security firm Webroot adds in the comments that in addition to seeing lots of Jackson malware, they’re also seeing attacks looking to exploit the death of actress Farrah Fawcett, who also passed away yesterday. More details on their blog.


Reviews: YouTube

Tags: malware, michael jackson, spam, spammers


View post:
Michael Jackson Death Exploited by Malware Vendors [WARNING]

Leave a Reply