Michael Jackon Spam/Malware – RIP The King Of Pop


For people of my age and generation and I’d guess for most readers of Darknet, Michael Jackson would have had a great influence on our lives.

The biggest news last week was most certainly his death, as usual the bad guys were extremely quick to capitalize on this and were sending out spam within hours of the announcement.

It was suspected malware would follow shortly after, and it did according to F-secure.

Within hours of the death of pop star Michael Jackson, spam trading on his demise hit inboxes, a security firm said today as it warned that more was in the offing.

Just eight hours after news broke about Jackson, U.K.-based Sophos started tracking the first wave of Jackson spam, which used a subject head of “Confidential — Michael Jackson.” The spam wasn’t pitching a product or leading users to a phishing or malware Web site, but instead was trying to dupe users into replying to the message in order to collect e-mail addresses and verify them as legitimate.

“The body of the spam message does not contain any call-to-action link such as a URL, e-mail or phone number,” said Sophos in its company’s blog today. “But the spammer can harvest receivers’ e-mail addresses via a free live e-mail address if the spam message is replied to.”

The original versions were just plain old spam to harvest addresses, but later malware laden versions followed which dropped IRC bots and backdoors detected as “Trojan.Win32.Buzus.bjyo”.

It’s sad to see such things happening, but social engineering attacks to spread malware are always expected when some big news like this breaks.

Nothing is sacred to the dark side of the Internet.

The timing of that campaign was not coincidental: It followed Jackson’s acquittal on all charges in child sexual abuse. “The news of his suicide attempt was believable,” said Cluley, who noted that scammers and hackers often trade on tragedies to get people to click links. In that case, users were hit with a hacker toolkit that tried several exploits against Internet Explorer.

“I wouldn’t be surprised to see hackers claiming that they have top-secret footage from the hospital, perhaps [allegedly] taken by the ambulance people, that then asks you to install a video codec,” said Cluley, talking about a common malware ploy. Users who click on the supposed codec update link are, in fact, then infected with attack code, often a bot that hijacks their computer.

So do warn people, if someone e-mails them pictures or videos claiming to be secret or exclusive footage surrounding the death of Michael Jackson – it’s most likely an infection vector.

Common sense prevails, but is sadly not common.

RIP Michael.

Source: Network World

Posted in: Malware, Social Engineering, Spammers & Scammers

, , , ,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


2 Responses to Michael Jackon Spam/Malware – RIP The King Of Pop

  1. Alan June 29, 2009 at 6:51 pm #

    Surprisingly there has been no signs of any similar vectors regarding Farrah Fawcett’s death on the same day.
    MJ is more widely known and popular, but on the other hand Farrah was a sex symbol in her hay day and I’m sure we all know how well sex sells.

  2. Brendan July 2, 2009 at 3:28 pm #

    Michael Jackson was a child molester and a generally strange person. If he significantly influenced your life, I truly feel sorry for you.