Symantec Connect
Security Response

Michael Jackson has “Gone Too Soon.” Spammers Never Let Go

Vivian Ho
Senior Security Response Lead
June 30th, 2009
Tags: Endpoint Protection (AntiVirus), Security, Spam, Security Response

The Internet has gone wild since Michael Jackson, the “King of Pop,” was reported dead on June 25. Symantec Security Response has already blogged about how we observed spammers trying to capitalize on this event in many ways, both with messages including malware, and scams tied to this talented celebrity’s death. We expect that spam and malware will keep coming in, given Michael Jackson’s popularity and following. Recipients should be extra cautious about messages that appear to be related to Jackson’s death, especially any email that comes from an unknown or unexpected source.

The following are some examples of what we have seen circulating:

Sample 1.1

Spammers hide behind a spoofed message, styled as a rip-off of a familiar social network notification, in an attempt to trick recipients into opening a malicious URL.

Sample 1.2

Spammers pose as a press organization and attempt to lead recipients to a malicious URL (jackson.com is detected as W32.HLLP.Sality.O).

From: folha online <sp@folhadesaopaulo.com.br>
Subject: Ultimas noticias de Michael Jackson

Translation:
Subject: Latest news from Michael Jackson

Body Translation:

[Content Details Removed]
...his home and was admitted to hospital in a state of coma.

Full coverage: Jackson dies see the latest unpublished photos

[Content Details Removed]
...that can be downloaded at the official site of the singer here.

http://www.michaeljackson.com/the_jackson_discography

Sample 2

Spammers send out content related to the star’s cause of death, along with an embedded .jpg link that leads users to a malicious binary file (W32.Pinfi).

Translation:
[Content Removed] ...in all the papers, the death was the result of/caused by drug use!

see photos

http://xrl.us/beym7m?DSC_803.jpg

Sample 3

The 419 scam—A spammer, pretending to be a Michael Jackson concert ticket officer based in London, sends out a message that requests the recipient’s information in order to receive ticket reimbursement.

From: "Michael Jackson concert{London}"<payee.representive@ xxxxxxxxxxx.xxxxx >
Reply-To: <payeerepresentive@xxxxxxxxxxx.xxxxx>
Subject: Reimbursement due to death of Pop King{Michael Jackson}
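
Two patterns visible in the samples above can be checked mechanically during mail triage: the Sample 2 link carries its .jpg file name in the query string rather than the path, and the Sample 3 headers show a Reply-To mailbox that differs from the From mailbox. The following Python is an added example, not Symantec's detection logic; the function names, the constructed sample messages and the example.test domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed messages modelled on Samples 2 and 3 (example.test is a placeholder).
SAMPLE_2 = (
    "From: news@example.test\n"
    "Subject: photos\n"
    "\n"
    "see photos http://short.example.test/abc123?DSC_803.jpg\n"
)
SAMPLE_3 = (
    'From: "Ticket Office" <payee.rep@example.test>\n'
    "Reply-To: <payeerep@example.test>\n"
    "Subject: Reimbursement\n"
    "\n"
    "Please send your details.\n"
)

def image_name_in_query(url):
    """True when an image file name sits only in the query string, so the
    link looks like a picture but the path requested is something else."""
    parts = urlsplit(url)
    return (parts.query.lower().endswith(IMAGE_EXT)
            and not parts.path.lower().endswith(IMAGE_EXT))

def reply_to_differs(msg):
    """True when Reply-To is present and names a different mailbox than From."""
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return bool(reply_addr) and reply_addr != from_addr

def triage(raw):
    """Return the list of weak-signal findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    # Join the raw (undecoded) payload of every leaf part so all text is scanned.
    body = "\n".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    findings = ["reply-to-mismatch"] if reply_to_differs(msg) else []
    findings += ["image-name-in-query:" + u for u in URL_RE.findall(body)
                 if image_name_in_query(u)]
    return findings

if __name__ == "__main__":
    for name, raw in (("sample 2", SAMPLE_2), ("sample 3", SAMPLE_3)):
        print(name, triage(raw))
```

Both checks are weak signals on their own (mailing lists, for example, legitimately set a different Reply-To), so hits are better used as scoring inputs than as verdicts.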

----------

Author's Note: My thanks to my colleagues and key contributors to this blog post: Ruby Yang and Eric Lin.
