Security Market Segment LS


JUser: :_load: Unable to load user with ID: 66
Monday, 13 July 2009 16:27

Spammers exploit Michael Jackson death

Spammers and malicious code authors have created and launched several new spam and malware campaigns using the death of Michael Jackson as a cover for their infected emails.

Since the pop star’s death on 25 June a number of spam and malware campaigns have taken shape using his image in the email or with references in the subject line like Who killed Michael Jackson? , All M. Jackson's faces, Jackson is still alive: proof, Remembering Michael Jackson, Tonight: Celine Dion Reflects on Michael Jackson!, Remembering Michael Jackson, and so on......
The latest spam report from Symantec shows that, generally, spam volumes in June continued to fluctuate but averaged approximately 90 percent of all email messages.
Symantec reports that the recent death of Michael Jackson, and the subsequent public interest combined with the Fourth of July holiday (in the US) showed that spammers were willing to use any notable event as a cover to distribute their messages.
“Various image spam obfuscation techniques that have recently been observed demonstrated that spammers continue to invest in this particular spam threat,” reports Symantec.

According to Symantec, another trend observed in June was that of a mass-mailing worm in fake Twitter account invites.

Symantec says that Twitter was used as bait to lure innocent victims into a phishing trap.


“Currently we are observing a wave of fake Twitter invitations that come carrying a mass-mailing worm. The observed messages appear as if they have been sent from a Twitter account; however, unlike a legitimate Twitter message, there is no invitation URL present in the body. Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card.”

In its report, Symantec says one mass-mailing worm uses Michael Jackson's death as bait, with the worm sending out spam emails with the subject “Remembering Michael Jackson” and an attachment named “Michael songs and” The .zip file, says Symantec, contains another file called “MichaelJacksonsongsandpictures.doc.exe,” which is a copy of the worm that is executed on the user’s machine when the file is opened.

In another example, Symantec says a spammer, pretending to be a Michael Jackson concert ticket officer based in London, sends out a message that requests the recipient’s information in order to receive reimbursement for the ticket. And, in a third example, spammers hide behind a spoofed message, which appears as a rip-off of a familiar social network notification, in an attempt to entice recipients to open a malicious URL.

However, Symantec says that, at its peak, spam related to President Obama during his first 100 days in office accounted for approximately two percent of all spam messages, but, at this time, less than one percent of all spam messages make reference to Michael Jackson’s life and death.

Symantec warns, however, that as the interest surrounding Michael Jackson’s life and death continues, Internet users should expect to continue to see threats that try to play upon the emotions and curiosity of the public around this event, and it advises email recipients to be extra cautious about messages that “appear to be related to Jackson’s death, especially any email that comes from an unknown or unexpected source.”

The trend of spammers using attachment images to get the attention of certain email users continues to re-emerge as a top spam threat.

There’s also a caution from Symantec alerting email users to a spam trend involving the manipulation of images by using geometric shapes and figures in the image background.

Symantec notes that, in the past, it has encountered background colour blocks, wavy text and multi-coloured blurred backgrounds, and that spammers are now using a combination of these tricks in the most recent wave of attachment spam attacks.

According to Symantec, the spammers have also recently mutated the image to include cartoon image comparisons of the male anatomy along with the advertised website, using a .GIF formatted image attachment with different coloured background and random lines.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]




Recent Comments