Michael Jackson spam spreads, malware attacks likely

Computerworld - Within hours of the death of pop star Michael Jackson, spam trading on his demise hit in-boxes, a security firm said today as it warned that more junk mail was in the offing.

Just eight hours after news broke about Jackson, Abingdon, England-based Sophos PLC started tracking the first wave of Jackson spam, which used a subject line of "Confidential -- Michael Jackson." The spam wasn't pitching a product or leading users to a phishing or malware Web site. Instead it was trying to dupe users into replying to the message in order to collect e-mail addresses and verify them as legitimate.

"The body of the spam message does not contain any call-to-action link such as a URL, e-mail or phone number," said Sophos in its SophosLabs blog today. "But the spammer can harvest receivers' e-mail addresses via a free live e-mail address if the spam message is replied to."

"Undoubtedly we'll see more with Jackson," said Graham Cluley, a Sophos senior technology consultant, today. "Actually, spammers and hackers have done Jackson before. Several years ago they pitched a breaking news story, claiming that he had attempted suicide."

The timing of that campaign was not coincidental: It followed Jackson's acquittal on charges in child sexual abuse. "The news of his suicide attempt was believable," said Cluley, who noted that scammers and hackers often trade on tragedies to get people to click links. In that case, users were hit with a hacker tool kit that tried several exploits against Internet Explorer.

"I wouldn't be surprised to see hackers claiming that they have top-secret footage from the hospital, perhaps [allegedly] taken by the ambulance people, that then asks you to install a video codec," said Cluley, talking about a common malware ploy. Users who click on the supposed codec update link are, in fact, then infected with attack code, often a bot that hijacks their computer.

Users should also beware of results from searches they run using the singer's name, said Cluley. "We've already seen search engine manipulation involving Farah Fawcett, who also died yesterday. Criminals will create pages with keywords and news stories, sometimes even legitimate stories, to get to the top of the search lists," Cluley continued. "When you go to one of those sites, you'll get hit with malware."

In the case of the Fawcett search engine manipulations, sites that gamed Google, for instance, led users to fake antivirus software sites, which lied to users, telling them that they were infected with malicious code.

Another tactic that cybercriminals have used with celebrity deaths, said Cluley, is what he called "tribute spam."

"We saw this after Pope John Paul II died," said Cluley. "Spammers sent out messages saying they were selling things like a tribute DVD, and, of course, asked for credit card details. You may never have gotten a DVD, but they had your credit card."

Similar schemes may soon be launched to take advantage of the interest in Jackson. "If you want to buy some Jackson merchandise, do it from Amazon or iTunes, not some site you've never heard of," urged Cluley.