Friday, June 26, 2009 4:30 PM
cmosby
Michael Jackson Spam Distributes Malware – SANS Internet Storm Center
Michael Jackson Spam Distributes Malware
Published: 2009-06-26,
Last Updated: 2009-06-26 15:57:36 UTC
by Lenny Zeltser (Version: 2)
As we anticipated in yesterday's diary, spammers are starting to exploit attention-grabbing headlines of recent celebrity deaths. Sophos described one such message, with the subject "Confidential===Michael Jackson", in their blog posting. Today we're starting to see reports of these messages directing individuals to websites that distribute malicious software.
For example, Steve Basford emailed us a link to his blog posting, where he discusses a spammed fake news item that invites the victim to download a "video". The message said: "As redes de televisão americanas CBS e ABC também estão noticiando a morte do cantor, assim como a versão online do jornal New York Times e da revista Variety..." [in English: "American television networks CBS and ABC are also reporting the singer's death, as are the online version of the New York Times newspaper and Variety magazine..."] (See screen shot below.)

The "video" file that the victim was asked to download, named "Michael.Jackson.videos.scr", was actually a malicious program--a downloader that would start the infection chain. See the VirusTotal report.
Update 1: Websense is reporting that they are seeing this campaign as well in their blog posting, and offer a few additional details.
Update 2: Here's the ThreatExpert report on the downloader, detailing the files it attempts to install on the victim's system.
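The lure described above, a file promised as a video whose final extension is `.scr` (a Windows screensaver, which is an ordinary executable), can be flagged at the mail gateway. The following is an added example, not code from the diary or from any of the vendors it cites; the extension list, the lure vocabulary, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse, unquote

# Extensions Windows runs as programs (assumed list for this example).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}
# Words that promise media content (assumed lure vocabulary).
MEDIA_WORDS = re.compile(r"video|movie|clip|photo|foto", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def executable_ext(name):
    """Return the final extension if Windows would execute it, else None."""
    # Windows ignores trailing spaces and dots, so drop them before checking.
    name = name.strip().rstrip(".").lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    return ext if ext in EXECUTABLE_EXTS else None

def find_media_lures(raw_message):
    """Return (source, filename) pairs for executables presented as media."""
    msg = message_from_string(raw_message, policy=default)
    candidates = []
    for part in msg.walk():
        if part.get_filename():
            candidates.append(("attachment", part.get_filename()))
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                path = unquote(urlparse(url).path)
                candidates.append(("link", path.rsplit("/", 1)[-1]))
    return [(src, name) for src, name in candidates
            if executable_ext(name) and MEDIA_WORDS.search(name)]

# Constructed sample message; all hosts are reserved example domains.
SAMPLE = """\
From: news@example.com
To: user@example.org
Subject: Breaking news (constructed sample)
Content-Type: text/plain; charset="utf-8"

Watch the video: http://downloads.example.net/Michael.Jackson.videos.scr
Official statement: http://www.example.com/news/statement.html
"""

if __name__ == "__main__":
    for source, name in find_media_lures(SAMPLE):
        print(f"{source}: {name} is an executable presented as media")
```

A filename check like this is only a first filter: a renamed or archived downloader passes it, so it belongs alongside content inspection rather than in place of it.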
-- Lenny
Lenny Zeltser - Security Consulting
Lenny teaches malware analysis at SANS Institute. You're welcome to follow him on Twitter. You can also track new Internet Storm Center diaries by following ISC on Twitter.
Filed under: Security and Anti-Virus, Spam\Phishing, Cybercrime