June 26th, 2009
Michael Jackson's death themed malware campaigns spreading
The sudden death of Michael Jackson quickly opened a window of opportunity for cybercriminals to capitalize on.
With a malicious spam campaign, blackhat SEO search results poisoning which is serving scareware within the first 100 search results for Michael Jackson’s death, and an opportunistic participant in Zango adware’s network using typosquatting, malicious activity is prone to increase during the next couple of days.
Here are more details on the campaigns currently in circulation:
The malicious spam campaign is enticing users to visit a compromised web site (Beatz radio beatzradio.com.au) where the bogus Michael.Jackson.videos.scr screensaver is served.
A second, non-malicious spam campaign using a Michael Jackson theme is being spammed from legitimate emails in a desperate and amateur-ish attempt to harvest the emails of those who reply back - a practice which became obsolete with the time due to the much more sophisticated email harvesting techniques spammers have in a Web 2.0 world for instance.
- Go through related event-based social engineering campaigns serving malware: Fake CNN news items malware campaign spreading rapidly; Fake Microsoft patches themed malware campaigns spreading; Fake “Conficker Infection Alert” spam campaign circulating; Cybercriminals hijack Twitter trending topics to serve malware; Cybercriminals syndicating Google Trends keywords to serve malware; Swine flu email scams circulating; The Web’s most dangerous keywords to search for
Several of the blackhat SEO campaigns serving scareware with a low generic detection rate, are already popping-up within the first 100 search results at Google.
Based on historical performance by this Ukrainian group of cybercriminals, the number of keywords and phrases using Michal Jackson as a theme will inevitably increase during the weekend.
Excluding the several registered typosquatted domains offered for sale, one exception (michael-jackson-is-dead (dot) net) is promoting a “shocking video” which in reality is a Zango adware toolbar.
Mixing social engineering tactics with different traffic acquisition tactics such as a combination of potentially popular keywords/phrases, next to pushing the malicious content through spam is opportunistic cybercrime as usual. However, with the Web feeling the “Michael Jackson effect” — Twitter killing features and Google issuing anti-worm activity CAPTCHA messages for related searches — even a badly structured and executed malware campaign will succeed due to the huge anticipated traffic unless a little bit of extra common sense is in place.
Whether it’s bad news or good news, for cybercriminals it’s always news items to hijack and serve malicious content through.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
Subscribe to Zero Day via Email alerts or RSS.
