Monday, June 29, 2009

Michael Jackson Malware Has Already Hit the Net

Trojans attempt to exploit the postmortem interest around the late King of Pop.
Story by Alex Goldman:
Malware writers, always eager to take advantage of breaking news to get victims to click on bad links and download Trojans, have already jumped on the largest recent Internet message stream -- the flood of grief and commentary surrounding the death of singer Michael Jackson.
The volume of Web traffic surrounding Jackson's death became so huge that there was a tangible Web slowdown, with problems affecting major Web sites and services. Google, for instance, admitted on its official blog that its Google News site initially took the spike in searches as an automated attack.
Not surprisingly, spammers and malware authors have also begun taking advantage on the public's interest in the King of Pop.
Today, F-Secure's chief research officer, Mikko H. Hyppönen, wrote in his blog that the security company has already found several Michael Jackson Trojans.
"When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability," he wrote. "This file was distributed through a site called photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites."
MessageLabs, Symantec's cloud security service, said it had also uncovered similar Michael Jackson-themed threats.
"MessageLabs blocked 144 copies of a Trojan dropper identified as "W32/VB-Generic-0481-f36f," MessageLabs senior analyst Paul Wood said in an e-mail to InternetNews.com.
"All of the e-mails had the same subject, 'Remembering Michael Jackson,' with a ZIP attachment containing malware with double extension (xxx.jpg.exe)," he said. "The link in the mail downloads a malicious executable file, disguised as a JPG."
It's just the latest case where spammers are taking advantage of victims' trust in or eagerness to learn about celebrities. While Michael Jackson ranked 10th on the list of names used as spam bait even before his death, spammers have exploited the good names of actresses Kate Hudson and Kirsten Dunst and wrestler Hulk Hogan in one case, and Net guru Guy Kawasaki in another.
Yet, e-mail may soon be losing its luster the preferred attack vector for malware authors.
While e-mail is carefully policed, recent attacks show that Web 2.0 has more vulnerabilities. Symantec also recently reported that spammers have new tools specially designed for invading social networks.

No comments: