One of the first things I did when I heard pop singer Michael Jackson passed away yesterday—besides decide which of his music videos I would link to on my Facebook page—was brace myself for reports of spam and malware attacks taking advantage of reports of his death.
Maybe that's a sign I've been doing this too long. Then there was a post on the SANS Internet Storm Center blog that warned of the same thing. Today, Sophos reported that roughly 8 hours after the King of Pop's death, their labs observed the first wave of spam messages portending to have news about his passing.
"In these messages, the spammer claims that they have vital information about the death of Michael Jackson to share with somebody—ie. the user," wrote Sophos Senior Technology Consultant Graham Cluley. "Sophos experts note that the body of the email does not contain any call-to-action links—such as a URL, email address or phone number—and the 'from' email address is bogus, however the spammer can easily harvest recipients' email addresses via a free live email address if computer users reply to the spam message."
Researchers at Websense discovered a separate spam campaign that tries to trick users into clicking on a malicious YouTube link that send them to a compromised Website with a Trojan downloader. The Website is hosted in Australia belonging to a radio station. Upon executing the file, a legitimate Website at http://musica.uol.com.br/ultnot/2009/06/25/michael-jackson.jhtm is opened by the default browser in order to distract the user by presenting a news article for them to read, according to Websense Security Labs blog.
Attackers are also taking advantage of actress Farrah Fawcett's death. Researchers did not offer up information about what groups or botnets are behind the campaigns. As always though, users should be careful when receiving e-mail from unknown sources.