Michael Jackson email-aware worm hits inboxes

Image (2) michael-jackson-email-worm.jpg for post 14467

The attached malicious file
Since the death of pop icon Michael Jackson last week there has been an avalanche of scams and malware attacks exploiting interest in the contoversial figure.

Now we have encountered a mass-mailing worm that spams out messages with the following characteristics:

Subject: Remembering Michael Jackson
Attached file: Michael songs and pictures.zip

The email, which claims to come from sarah@michaeljackson.com, says that the attached ZIP file contains secret songs and photos of Michael Jackson.

Michael Jackson email worm

However, the reality is that opening the attachment exposes you to infection – and if your computer is hit you will be spreading the worm onto other internet users. Besides spreading via email, the malware is also capable of spreading as an Autorun component on USB memory sticks (an increasingly common trend for malware as use of these devices has become more and more popular).

Sophos detects the malware proactively as Mal/ZipMal-B and Mal/VB-AD, and recommends that users of other anti-virus products ensure that their defences are properly updated.

In light of the huge interest in Jackson since his sudden death, there are likely to be many computer users who are tempted into opening the attachment.

Long time followers of the computer security scene will be aware that although there has been much cybercriminal activity following Michael Jackson’s death, he was not immune from having his name exploited by hackers when he was alive either.

For instance, in 2004 a Trojan horse was spammed out claiming to contain photographic evidence of Jackson abusing a young boy. The following year a malware campaign was spammed out claiming to contain breaking news that the music superstar had committed suicide.

And earlier this year, we exposed that scammers had managed to advertise their offers on Jackson’s official website promoting his (now cancelled) concerts at the O2 in London.