It's inevitable now, with any high-profile news event that there will be spam and malware campaigns to take advantage of them. Thus it has been with the death of Michael Jackson.
F-Secure reports that there have been a couple of malware campaigns and they show an example of one of them, which they detect as Trojan.Win32.Buzus.bjyo.
There is nothing technically interesting about these attacks. They are mundane, pedestrian Trojan droppers. The one F-Secure writes up is a file named Michael-www.google.com.exe. This file has been distributed through photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Don't visit these sites.
If you run Michael-www.google.com.exe it drops reptile.exe and winudp.exe, which are backdoor IRC bots, and which display a fake error message dialog box: "Picture cannot be displayed."
There have been others and there will be more and they're not all worth writing about. The important thing is that you be skeptical of links and sites that play on hot news topics, especially from search engines, since we know well how these can be manipulated to serve malicious results.
News 8 months ago
