As we anticipated in our yesterday's diary, spammers are starting to exploit attention-grabbing headlines of recent celebrity deaths. Sophos described one such message, with the subject "Confidential===Michael Jackson", in their blog posting. Today we're starting to see reports of these messages directing viduals to websites that distribute malicious software.
For example, Steve Basford emailed us a link to his blog posting, where he discusses a spammed fake news item invites the victim to download a "video" to download. The message said: "As redes de televisão americanas CBS e ABC também estão noticiando a morte do cantor, assim como a versão online do jornal New York Times e da revista Variety..." (See screen shot below.)
The victim was asked to download the "video" file is named "Michael.Jackson.videos.scr" was actually a malicious program--a downloader that would start the infection chain. See the VirusTotal report.
Update: Websense is reporting that they are seeing this campaign as well in their blog posting, and offer a few additional details.
Liked this note? Tweet it!
Lenny Zeltser - Security Consulting
Jun 26th 2009
9 years ago