Michael Jackson Malware Rings in July 4 Weekend
Security researchers at Symantec and Sophos are reporting the prevalence of spam related to the death of pop star Michael Jackson last week. Rather than relying on just their normal Independence Day-related e-mails, spammers have launched a number of campaigns to infect users with malware using news about the singer as a lure.
July 4 weekend is usually a time for barbecues, beach parties and Independence Day spam. But the death of pop superstar Michael Jackson may have changed the face of the annual spam barrage.
of just the typical deluge of e-mails luring users with tales of fireworks
displays, spammers and malware authors are still riding high on interest in
e-mail, which claims to come from email@example.com, says that the
attached ZIP file contains secret songs and photos of Michael Jackson," blogged
Graham Cluley, senior technology consultant at Sophos. "However, the reality is
that opening the attachment exposes you to infection - and if your computer is
hit you will be spreading the worm onto other internet users. Besides spreading
via e-mail, the malware is also capable of spreading as an Autorun component on
Sophos detects the malware as Mal/ZipMal-B and Mal/VB-AD, and recommends users keep their anti-virus products up-to-date.
Several other malicious spam campaigns centered on Jackson's death have been launched lately as well.
Over at Symantec, researcher Samir Patil said that the company is not seeing the same level of intensity in regards to Fourth of July spam as it has in the past.
"In order to track the prevalence and volume change of Fourth of July spam, we have been supervising the probe network traffic for this type of spam over the past couple of weeks," he blogged. "Surprisingly, it looks as if spammers are less passionate about spawning Independence Day spam this year. The probable reason for this neutrality could be the spam spike related to the death of pop star Michael Jackson."
that doesn't mean that Independence Day spammers aren't hard at work. For
example, Symantec uncovered a spam campaign inviting recipients of the e-mail
to a July 4 fireworks celebration at a hotel in
Interestingly, the fireworks celebration referenced in the spam is in fact happening - but a close analysis of it found several suspicious features. For one, the e-mail originates from a recently registered domain that has no connection with the hotel authority, according to Symantec. In addition, the IP address visible in the e-mail headers is notorious for sending out spam and is present in IP blacklists.
"Users need to take extra care while opening any e-mail with this type of subject line/content," Patil wrote. "Because Independence Day is still a few days away, we expect that spammers might continue pushing such fake-but-catchy offers into users' inboxes."