Symantec is reminding everyone about the increased risk of scams immediately after big news events, as we have seen in recent days with the sad announcements about Ed McMahon, Farrah Fawcett and, most shockingly, Michael Jackson.
“History tells us propagators of spam and malicious code will inevitably attempt to play on the public’s emotions and curiosity around these events and attempt to use them to exploit computer users,” said Dave Cowing, Senior Manager at Symantec Security Response. “At this point, Symantec is seeing spam spreading around these tragedies, but none of it has related to malicious code so far.”
But forewarned is forearmed, so bear in mind the following potential security threats:
- Spam with subject lines related to any of these deaths trying to peddle fake medicines.
- Spam with subject lines related to any of these deaths leading to misleading applications, such as fake antivirus software.
- Spam with subject lines related to any of these deaths leading to fake codecs.
- Spam with subject lines related to any of these deaths with malware attached.
- Search engine poisoning campaigns injecting malicious sites into the top search engine results related to any of these deaths.
- Sites claiming to host videos of the last moments of these individuals' lives, but that actually peddle fake medicines or malware.
- Links to fake videos of these stars that actually attempt to infect users with malware.
- Social networking site messages related to these deaths which could be W32.Koobface.
- Twitter tweets about these deaths leading to all sorts of malicious Web sites.
Update June 30: Well, they hate to say 'we told you so', but it looks like the first of these scams has already been spotted in the wild.
It's a worm which sends out spam e-mails with the subject “Remembering Michael Jackson” and an attachment named “Michael songs and pictures.zip.” The .zip file contains another file called “MichaelJacksonsongsandpictures.doc.exe,” which is a copy of the worm and which is executed on the user’s machine when the file is clicked on.
Symantec has identified the worm as W32.Ackantta.F@mm, which spreads through emails as well as autorun.inf files on removable drives such as USB keys.
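The attachment described above hides an executable behind a document-style name (`.doc.exe`) inside a .zip file. As an added example, not from Symantec or the original article, this Python check reads archive member names without extracting anything and flags that pattern; the extension lists, function names and the sample archive are constructed assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to local mail-gateway policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".jpg", ".mp3", ".txt", ".xls"}


def classify_member(name):
    """Return a finding for one archive member name, or None if benign."""
    base = PurePosixPath(name.replace("\\", "/")).name
    base = base.rstrip(". ")  # Windows ignores trailing dots and spaces
    # Strip padding so "photo.jpg   .scr" is still seen as .jpg + .scr
    suffixes = [s.strip().lower() for s in PurePosixPath(base).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension executable"
    return "executable"


def scan_zip(data):
    """List (member name, finding) pairs; member contents are never extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_member(info.filename)
            if verdict:
                findings.append((info.filename, verdict))
    return findings


def build_sample():
    """Constructed archive: member names only, placeholder bytes as content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MichaelJacksonsongsandpictures.doc.exe", b"placeholder")
        zf.writestr("tracklist.txt", b"placeholder")
        zf.writestr("photos/cover.jpg", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample()):
        print(f"{verdict}: {member}")
```
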