InfoSec Handlers Diary Blog - Michael Jackson Spam Distributes Malware

Michael Jackson Spam Distributes Malware

Published: 2009-06-26
Last Updated: 2009-06-26 15:57:36 UTC
by Lenny Zeltser (Version: 2)

As we anticipated in our yesterday's diary, spammers are starting to exploit attention-grabbing headlines of recent celebrity deaths. Sophos described one such message, with the subject "Confidential===Michael Jackson", in their blog posting. Today we're starting to see reports of these messages directing viduals to websites that distribute malicious software.

For example, Steve Basford emailed us a link to his blog posting, where he discusses a spammed fake news item invites the victim to download a "video" to download. The message said: "As redes de televisão americanas CBS e ABC também estão noticiando a morte do cantor, assim como a versão online do jornal New York Times e da revista Variety..." (See screen shot below.)

The victim was asked to download the "video" file is named "Michael.Jackson.videos.scr" was actually a malicious program--a downloader that would start the infection chain. See the VirusTotal report.

Update 1: Websense is reporting that they are seeing this campaign as well in their blog posting, and offer a few additional details.

Update 2: Here's the ThreatExpert report on the downloader, detailing the files it attempts to install on the victim's system.

Liked this note? Tweet it!

-- Lenny

Lenny Zeltser - Security Consulting

Lenny teaches malware analysis at SANS Institute. You're welcome to follow him on Twitter. You can also track new Internet Storm Center diaries by following ISC on Twitter.

Keywords:

0 comment(s)

Join us at SANS! SANS SEC503: Intrusion Detection In-Depth. Gain the technical knowledge, insight, and hands-on training you need to defend your network with confidence.