by Blight Crusader

Even before his death, Michael Jackson ranked number ten worldwide on the ignoble list of celebrity names used in spam attacks. While the new numbers aren’t in, he’s obviously going to shoot to the top spot, at least in the short term.

I wrote about this last week, but wanted to provide an update, since I came across an article with a fair amount of detail (such as domain and file names used) on the current state of Michael Jackson spam out there.

From Enterprise IT Planet, here’s the info:

Malware writers, always eager to take advantage of breaking news to get victims to click on bad links and download Trojans, have already jumped on the largest recent Internet message stream — the flood of grief and commentary surrounding the death of singer Michael Jackson.

The volume of Web traffic surrounding Jackson’s death became so huge that there was a tangible Web slowdown, with problems affecting major Web sites and services. Google, for instance, admitted on its official blog that its Google News site initially took the spike in searches as an automated attack.

Not surprisingly, spammers and malware authors have also begun taking advantage on the public’s interest in the King of Pop.

Last week, F-Secure’s chief research officer, Mikko H. Hyppönen, wrote in his blog that the security company has already found several Michael Jackson Trojans.

“When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability,” he wrote. “This file was distributed through a site called photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites.”

MessageLabs, Symantec’s cloud security service, said it had also uncovered similar Michael Jackson-themed threats.

“MessageLabs blocked 144 copies of a Trojan dropper identified as “W32/VB-Generic-0481-f36f,” MessageLabs senior analyst Paul Wood said in an e-mail to InternetNews.com.

“All of the e-mails had the same subject, ‘Remembering Michael Jackson,’ with a ZIP attachment containing malware with double extension (xxx.jpg.exe),” he said. “The link in the mail downloads a malicious executable file, disguised as a JPG.”

It’s just the latest case where spammers are taking advantage of victims’ trust in or eagerness to learn about celebrities. While Michael Jackson ranked 10th on the list of names used as spam bait even before his death, spammers have exploited the good names of actresses Kate Hudson and Kirsten Dunst and wrestler Hulk Hogan in one case, and Net guru Guy Kawasaki in another.

Yet, e-mail may soon be losing its luster the preferred attack vector for malware authors.

While e-mail is carefully policed, recent attacks show that Web 2.0 has more vulnerabilities. Symantec also recently reported that spammers have new tools specially designed for invading social networks.

Tags: Michael Jackson, spam

This entry was posted on Tuesday, July 7th, 2009 at 4:04 am and is filed under Articles, Blight News, Headlines. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.