Security researchers at Symantec and Sophos are reporting the prevalence of spam related to the death of pop star Michael Jackson last week. Rather than relying on just their normal Independence Day-related e-mails, spammers have launched a number of campaigns to infect users with malware using news about the singer as a lure.
July
4 weekend is usually a time for barbecues, beach parties and Independence Day
spam. But the death of pop superstar Michael Jackson may have changed the face
of the annual spam barrage.
Instead
of just the typical deluge of e-mails luring users with tales of fireworks
displays, spammers and malware authors are still riding high on interest in Jacksons
death. Over at Sophos, researchers are reporting that an e-mail with the
subject line Rememebring Michael Jackson was circulating with a worm in tow.
The e-mail has a zip file attached that infects victims if downloaded.
Resource Library:
The
e-mail, which claims to come from sarah@michaeljackson.com, says that the
attached ZIP file contains secret songs and photos of Michael Jackson, blogged
Graham Cluley, senior technology consultant at Sophos. However, the reality is
that opening the attachment exposes you to infection - and if your computer is
hit you will be spreading the worm onto other internet users. Besides spreading
via e-mail, the malware is also capable of spreading as an Autorun component on USB
memory sticks (an increasingly common trend for malware as use of these devices
has become more and more popular).
Sophos
detects the malware as Mal/ZipMal-B and Mal/VB-AD, and recommends users keep
their anti-virus products up-to-date.
Over
at Symantec, researcher Samir Patil said that the company is not seeing the
same level of intensity in regards to Fourth of July spam as it has in the
past.
In
order to track the prevalence and volume change of Fourth of July spam, we have
been supervising the probe network traffic for this type of spam over the past
couple of weeks, he blogged. Surprisingly, it looks as if spammers are less
passionate about spawning Independence Day spam this year. The probable reason
for this neutrality could be the spam spike related to the death of pop star
Michael Jackson.
But
that doesnt mean that Independence Day spammers arent hard at work. For
example, Symantec uncovered a spam campaign inviting recipients of the e-mail
to a July 4 fireworks celebration at a hotel in Miami.
The e-mail contains a link leading to a Web form where the user is asked for
personal information such as names, e-mail addresses and the number of accompanying
guests.
Interestingly,
the fireworks celebration referenced in the spam is in fact happening - but a
close analysis of it found several suspicious features. For one, the e-mail
originates from a recently registered domain that has no connection with the
hotel authority, according to Symantec. In addition, the IP address visible in
the e-mail headers is notorious for sending out spam and is present in IP
blacklists.
Users
need to take extra care while opening any e-mail with this type of subject line/content,
Patil wrote. Because Independence Day is still a few days away, we expect that
spammers might continue pushing such fake-but-catchy offers into users
inboxes.
Network Security & Hardware 
