Spammers exploit Michael Jackson death

Peter Dinham
Monday, 13 July 2009 16:27

Business IT - Security

“Currently we are observing a wave of fake Twitter invitations that come carrying a mass-mailing worm. The observed messages appear as if they have been sent from a Twitter account; however, unlike a legitimate Twitter message, there is no invitation URL present in the body. Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card.”

In its report, Symantec says one mass-mailing worm uses Michael Jackson's death as bait, with the worm sending out spam emails with the subject “Remembering Michael Jackson” and an attachment named “Michael songs and pictures.zip.” The .zip file, says Symantec, contains another file called “MichaelJacksonsongsandpictures.doc.exe,” which is a copy of the worm that is executed on the user’s machine when the file is opened.

In another example, Symantec says a spammer, pretending to be a Michael Jackson concert ticket officer based in London, sends out a message that requests the recipient’s information in order to receive reimbursement for the ticket. And, in a third example, spammers hide behind a spoofed message, which appears as a rip-off of a familiar social network notification, in an attempt to entice recipients to open a malicious URL.

However, Symantec says that, at its peak, spam related to President Obama during his first 100 days in office accounted for approximately two percent of all spam messages, but, at this time, less than one percent of all spam messages make reference to Michael Jackson’s life and death.

Symantec warns, however, that as the interest surrounding Michael Jackson’s life and death continues, Internet users should expect to continue to see threats that try to play upon the emotions and curiosity of the public around this event, and it advises email recipients to be extra cautious about messages that “appear to be related to Jackson’s death, especially any email that comes from an unknown or unexpected source.”

The trend of spammers using attachment images to get the attention of certain email users continues to re-emerge as a top spam threat.

There’s also a caution from Symantec alerting email users to a spam trend involving the manipulation of images by using geometric shapes and figures in the image background.

Symantec notes that, in the past, it has encountered background colour blocks, wavy text and multi-coloured blurred backgrounds, and that spammers are now using a combination of these tricks in the most recent wave of attachment spam attacks.

According to Symantec, the spammers have also recently mutated the image to include cartoon image comparisons of the male anatomy along with the advertised website, using a .GIF formatted image attachment with different coloured background and random lines.