Michael Jackson's Death Spurs Spam, Malware Campaigns
Less than 24 hours after the news of Jackson's death broke in mainstream media, malware writers launched spam e-mails featuring the words "Michael Jackson" in the subject lines, intended to trick users into buying bogus products or clicking malicious files to distribute malware.
One such attack, detected by researchers at security company Websense, purports to offer recipients links to unpublished Michael Jackson videos and pictures. The spam e-mail messages entice users to click on a link that appears to lead them to a YouTube video featuring the pop singer, but instead sends them to a Trojan downloader hosted on a compromised Web site. The file, embedded in the spam e-mail, called Michael.Jackson.video, is located on a legitimate news Web site hosted in Australia. Upon opening the file, users are taken to the legitimate site while information-stealing malware is silently installed in the background.
Meanwhile, experts at Symantec say that they've already seen an explosion of spam using Michael Jackson's name in subject lines in an attempt to lure users to open messages soliciting fake pharmaceuticals, fake antivirus software and other products unrelated to the subject header. And they expect to see a sharp spike in the next 24 to 48 hours.
"Spammers are as close to ambulance chasers as you can get -- anything they can use to get buzz value," said David Cowings, senior manager for Symantec Security Response, adding that the spam message doesn't even need to be related at all to the product being sold. "The biggest thing is getting someone to click into it a lot of times," he said.
So far, Cowings said, attacks exploiting Jackson's death have mainly been limited to spam. However, Cowings said that in the near future he expects to see more spam using the singer's name in subject lines as a vehicle to distribute malware, either by embedding malicious video codecs or attaching malicious files.
Cowings also said that there will likely be a sharp surge of spam surrounding the impending release of Jackson's autopsy report, as well as an uptick in sites claiming to host videos on the last moments of Jackson's life, Twitter tweets and social networking sites linking to malicious sites, and search engine poisoning campaigns injecting malicious sites into top search-engine results.
Waves of spam emerged immediately following news of Jackson's death, in part, because of automated spam tools, Cowings said. Malware authors and spammers have created programs designed to snag randomized content -- often the latest headlines -- from news sources in order to reel in users and increase their bot networks. Once botnets are sufficiently built up, malware authors start to use them to deliver malware on users' computers, Cowings said.
However, there are ways users can protect themselves, Cowings said. Comprehensive antispam and antivirus products will often protect most users from malware once they click on a malicious link. Plus users should always remember to avoid clicking on links or files sent from unknown sources.
Meanwhile, will Michael Jackson spam subside? "It will last as long as it will stay in the headlines," Cowings said.