July 4 weekend is usually a time for barbecues, beach parties and Independence Day spam. But the death of pop superstar Michael Jackson may have changed the face of the annual spam barrage.
Instead of just the typical deluge of e-mails luring users with tales of fireworks displays, spammers and malware authors are still riding high on interest in Jackson's death. Over at Sophos, researchers are reporting that an e-mail with the subject line "Rememebring Michael Jackson" was circulating with a worm in tow. The e-mail has a zip file attached that infects victims if downloaded.
"The e-mail, which claims to come from sarah@michaeljackson.com, says that the attached ZIP file contains secret songs and photos of Michael Jackson," blogged Graham Cluley, senior technology consultant at Sophos. "However, the reality is that opening the attachment exposes you to infection - and if your computer is hit you will be spreading the worm onto other internet users. Besides spreading via e-mail, the malware is also capable of spreading as an Autorun component on USBmemory sticks (an increasingly common trend for malware as use of these devices has become more and more popular)."
Sophos detects the malware as Mal/ZipMal-B and Mal/VB-AD, and recommends users keep their anti-virus products up-to-date.
Several other malicious spam campaigns centered on Jackson's death have been launched lately as well.
Over at Symantec, researcher Samir Patil said that the company is not seeing the same level of intensity in regards to Fourth of July spam as it has in the past.
"In order to track the prevalence and volume change of Fourth of July spam, we have been supervising the probe network traffic for this type of spam over the past couple of weeks," he blogged. "Surprisingly, it looks as if spammers are less passionate about spawning Independence Day spam this year. The probable reason for this neutrality could be the spam spike related to the death of pop star Michael Jackson."
But that doesn't mean that Independence Day spammers aren't hard at work. For example, Symantec uncovered a spam campaign inviting recipients of the e-mail to a July 4 fireworks celebration at a hotel in Miami. The e-mail contains a link leading to a Web form where the user is asked for personal information such as names, e-mail addresses and the number of accompanying guests.
Interestingly, the fireworks celebration referenced in the spam is in fact happening - but a close analysis of it found several suspicious features. For one, the e-mail originates from a recently registered domain that has no connection with the hotel authority, according to Symantec. In addition, the IP address visible in the e-mail headers is notorious for sending out spam and is present in IP blacklists.
"Users need to take extra care while opening any e-mail with this type of subject line/content," Patil wrote. "Because Independence Day is still a few days away, we expect that spammers might continue pushing such fake-but-catchy offers into users' inboxes."
Research Assistant
