Michael Jackson “breaking news video” distributes malware

As many expected, the death of the “King of Pop” Michael Jackson has given malware authors a new topic to entice users into installing malware

Shortly after we detected the first spam message regarding Michael Jackson, the first malware related to his demise also arrived:

Michael Jackson malware spam

The body of the message is in Portuguese, which roughly translates into the following:

“The Los Angeles Times reported online that singer Michael Jackson died this Thursday (25th) at the age of 50. U.S. television networks CBS and ABC as well as the online versions of New York Times and Variety magazine are also reporting the death of the singer. Citing sources from Los Angeles firefighters, Jackson suffed from a cardiac arrest at his home, and was taken unconscious to the hospital.

Images of Michael Jackson’s body

Unpublished video not on-the-air yet.”

The image seems to be ripped from the entertainment biz show “Entertainment Tonight”, judging from the Orange “T” at the bottom left corner. The actual link, however, goes to a .com.au site which asks a user to download the file “Michael.Jackson.videos.scr”. This file is detected by Sophos Antivirus as Troj/Dloadr-CPD.

Interestingly, the youtube link at the very bottom is not hotlinked to any malware. If the link is pasted into a browser, it’ll take the audience to the music video of Michael Jackson’s hit “Thriller”.

Looking into our archives, we have not seen many samples of this malware spam and distribution seems limited so far. It is likely that more Michael Jackson-themed malware and spam is on its way however. It is advised that users be especially vigilant when they receive messages or links related to this news.