Michael Jackson suicide spam leads to Trojan horse, reports Sophos

June 09, 2005 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have warned of a spam campaign that claims Michael Jackson has attempted suicide, in order to lure innocent computer users into being infected by a Trojan horse.

[Image: An example of the email. The email claims that Michael Jackson has attempted to commit suicide. But clicking on the link will cause infection.]

Sophos has identified hundreds of the spam messages being sent, preying on intense media interest in the trial of the controversial popstar. The spam emails have the following characteristics:

Subject: Re: Suicidal aattempt

Message text:
Last night, while in his Neverland Ranch, Michael Jackson has made a suicidal attempt.

They suggest this attempt follows the last claim was made against the king of pop. 46 years old Michael has left pre-suicid note which describes and interpretes some of his sins.

Read more...

However, when users click on the link they are taken to a website which secretly installs malicious code onto their PCs.

"If you click on the link the website displays a message saying it is too busy, which may not surprise people who think it might contain genuine breaking news about Michael Jackson," said Carole Theriault, security consultant at Sophos. "However, this is a diversionary tactic - because behind the scenes the website is downloading malware onto the user's computer without their knowledge."

Experts at Sophos have analysed the code downloaded by clicking on the link, and determined that it in turn attempts to download another Trojan horse, which Sophos detects as Troj/Borobt-Gen. Sophos PureMessage has been updated to detect the spam message automatically at email gateways.

Sophos notes that this is not the first time that the troubled pop star has been exploited by virus writers and hackers attempting to spread their malware. In October last year messages were posted on the internet claiming that incriminating home videos belonging to Jackson had been discovered - but clicking on the link infected web surfers with the Hackarmy Trojan horse.

"The sick minds behind viruses and other malware often exploit celebrity names and news stories in an attempt to infect as many people as possible," continued Theriault. "All computer users should be very careful about clicking on weblinks in unsolicited email or launching unknown attachments."

Sophos recommends companies automatically update their corporate virus protection, and filter attachments which may contain malicious code at the email gateway with a consolidated solution to defend against viruses and spam.