Friday, July 3, 2009

"Who Killed Michael Jackson?" The Answer at a Malicious Website



According to TrendMicro's blog, there is an email spam which is playing on the "inquiring minds want to know" crowd by asking: "Who killed Michael Jackson?" 

The answer of course is located on a malicious website. 

From TrendMicro:

"Michael Jackson has been dead for a week already, but there are still a lot of speculations regarding his death. The spam runs are plenty as well — a Michael Jackson-related spam was seen bearing the subject  "Who killed Michael Jackson?", coming from a sender named x-files.

The spam message suggests that the icon was killed, and that information on who murdered him can be seen on the given URL.

Clicking the said link leads to a website, where the user is asked to execute a file, which supposedly contains secret information, in order to find out who killed Michael Jackson.  (and inquiring minds should know better than to do that)

But of course, the executable is not at all related to Michael Jackson’s murderer, or to Michael Jackson at all, as the file is really an data-stealer detected by Trend Micro as TROJ_ZBOT.AXY.

The Trojan TROJ_ZBOT.AXY connects to a certain URL where it downloads a configuration file containing a list of banking-related websites. Once the user attempts to visit any of the listed sites, a spoofed site is displayed instead of the real one, thus any critical information entered on the spoofed site will be sent to a remote user.

This threat however, doesn’t stand a chance against the Smart Protection Network as of its all components — spam, URL and file — are already either blocked or detected.
Reblog this post [with Zemanta]

Disqus for ePayment News