More Michael Jackson-related attacks online
by Steve Ragan - Jul 2 2009, 17:15
Several security vendors are issuing reports about Michael Jackson-related Malware, either in the form of a mass-mailing Worm or search-related domains that offer images. The aim is to use the shock of the pop star's death to lure victims into downloading images, videos, music, and news articles with the latest information.
On Monday, F-Secure discovered several domains spreading Malware related to the singer’s recent death. The sites all offer up images of Michael Jackson; some of the examples that have hit inboxes here at The Tech Herald claim to be the last images taken of him just minutes before his death. The sites, including photos-Google[dot]com, photo-msn[dot]org, and Facebook-photo[dot]net, install IRC bots with backdoor abilities.
Symantec and Sophos are both reporting the discovery of a mass-mailing Worm that is circulating from inbox to inbox. The Worm, delivered as an attachment of music and photos, comes with the subject heading: “Remembering Michael Jackson” and a ZIP file with a DOC.EXE document that installs itself once accessed. The Worm, aside from re-mailing itself to others on the user's contact list, will infect USB drives using Autorun.inf.
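An added example, not from the original article or the vendors it cites: one way a mail filter could flag the ZIP-with-DOC.EXE attachment pattern described above. The extension lists and function names are assumptions, and the sample archive is constructed in memory with placeholder content.

```python
import io
import zipfile

# Assumed list: extensions Windows runs directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumed list: extensions used as the decoy "document" part of the name.
DECOY_EXTS = {".doc", ".pdf", ".jpg", ".jpeg", ".gif", ".mp3", ".txt"}


def split_exts(name):
    """Return the last two lowercase extensions, e.g. ('.doc', '.exe'), or None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    parts = base.split(".")
    if len(parts) < 3:
        return None  # zero or one extension: not a double-extension name
    # strip() defeats padding such as "song.mp3      .scr"
    return "." + parts[-2].strip(), "." + parts[-1].strip()


def suspicious_members(zip_bytes):
    """List archive members named <decoy ext><executable ext>, like DOC.EXE."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = split_exts(info.filename)
            if exts and exts[0] in DECOY_EXTS and exts[1] in EXECUTABLE_EXTS:
                hits.append(info.filename)
    return hits


def build_sample_zip(names):
    """Constructed input: an in-memory ZIP whose members hold placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


# Constructed member names; only the last two use the double-extension trick.
SAMPLE_NAMES = ["notes.doc", "photos/last.jpg",
                "Remembering.DOC.EXE", "song.mp3   .scr"]

if __name__ == "__main__":
    print(suspicious_members(build_sample_zip(SAMPLE_NAMES)))
```

The check only flags the decoy-plus-executable naming; a filter would normally also block bare executables inside archives, which this sketch deliberately leaves out.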
“Long-time followers of the computer security scene will be aware that although there has been much cybercriminal activity following Michael Jackson's death, he was not immune from having his name exploited by hackers when he was alive either,” said Graham Cluley of Sophos.
“For instance, in 2004 a Trojan horse was spammed out claiming to contain photographic evidence of Jackson abusing a young boy. The following year a malware campaign was spammed out claiming to contain breaking news that the music superstar had committed suicide.”
Finally, one we have seen for ourselves in The Tech Herald labs comes from “x-files@...” using random top-level domains. The e-mail links to a site promoting a conspiracy theory surrounding Jackson’s death. The file that contains the “secret information” is actually Malware.


Detection coverage for the Malware itself is scattered, according to VirusTotal (VT). VT's report showed 11 out of 41 as of this morning, when we sent in our sample, and on the lab computer Microsoft Security Essentials detected the threat as it was downloaded. However, since this is only a snapshot of coverage, the best bet is to avoid any URL links and file attachments related to Jackson and his death if they arrive in your inbox.