The article below was originally posted by the Internet Storm Center.

As we anticipated in yesterday’s diary, spammers are starting to exploit attention-grabbing headlines about recent celebrity deaths. Sophos described one such message, with the subject “Confidential===Michael Jackson”, in their blog posting. Today we’re starting to see reports of these messages directing individuals to websites that distribute malicious software.

For example, Steve Basford emailed us a link to his blog posting, where he discusses a spammed fake news item that invites the victim to download a “video”. The message said: “As redes de televisão americanas CBS e ABC também estão noticiando a morte do cantor, assim como a versão online do jornal New York Times e da revista Variety…” (See screen shot below.)

The “video” file that the victim was asked to download, named “Michael.Jackson.videos.scr”, was actually a malicious program: a downloader that would start the infection chain. See the VirusTotal report.

Update: Websense reports in their blog posting that they are seeing this campaign as well, and offers a few additional details.

– Lenny

Lenny Zeltser – Security Consulting

Lenny teaches malware analysis at SANS Institute. You’re welcome to follow him on Twitter. You can also track new Internet Storm Center diaries by following ISC on Twitter.
