Jackson's death to spark massive spam runs

Spammers could be set to cash in on the media hype surrounding Jackson's death. Pic credit: Fabio Ikezaki

Just hours after the death of pop star Michael Jackson, security vendors are tracking attempts to cash in on the event by spammers and malware writers.

In a blog posting by security firm Sophos, the firm reported the first wave of spam messages "employing the sad news in the subject line and body part to harvest victims’ email addresses".

The message sender claims to have information about Jackson's death that they want to share with the recipient. Although the body of the spam message does not contain any URLs or other call-to-action links, if replied to it will allow the spammer to harvest the user's email address, said Sophos.

Rik Ferguson, senior security adviser at vendor Trend Micro, warned that any event of this magnitude would be expected to generate significant amounts of spam and malware.

"It always does – it happens with any newsworthy event, joyous or tragic, and Jackson's death is probably up there with Elvis," he said.

"We fully expect to see black hat SEO [search engine optimisation] activity and significant spam runs using the news as bait, because people are hungry for details."

Black hat SEO manipulation attacks were launched soon after the death of actor Heath Ledger, and have already been seen in the past 24 hours since the death of actress Farrah Fawcett was announced.

They involve hackers disguising malicious links as URLs to legitimate sites containing news about a high-profile event in order to push the results higher up the search listings.

"Hosted on is-the-boss domains (last seen in the H1N1 black hat SEO attack), the links that come up in search results redirect to other URLs that eventually land on all-too-familiar territory: a rogue antivirus download," said Trend Micro's Macky Cruz, in a posting on the Trend Micro blog.

"Users are advised to exercise extreme caution in searching for related news and information surrounding the deaths of these celebrities."

However, some have accused the security vendors themselves of using the news for their own benefit.

“Most internet users are intelligent enough to know that this is spam," argued Rakash Gupta, chief executive of PineAppUK.

"It is the industry’s responsibility to provide sensible, intelligent advice that allows computer owners to accurately assess their risks. With the right solution in place, security is not something to be afraid of. Yet again we urge the industry to stop the gimmicks.”