Where am I? >
Home >
News >
Hacking

Spam campaign is using current interest in the Jackson trial to spread a malicious Trojan

Jacko suicide Trojan spreading fast

Hackers go wacko with zombies

vnunet.com, 10 Jun 2005

Michael Jackson is being used to recruit PCs for a network of zombie computers under the remote control of hackers.

Security software company Sophos is reporting a massive spam campaign using current interest in the Jackson trial, at which the jury is currently considering its verdict.

The email, which contains several spelling mistakes, is headed 'Re: Suicidal aattempt' and carries the following message:

"Last night, while in his Neverland Ranch, Michael Jackson has made a suicidal attempt. They suggest this attempt follows the last claim was made against the king of pop. 46 years old Michael has left pre-suicid note which describes and interpretes some of his sins. Read more..."

If users follow the URL they reach a page indicating that the site's bandwidth has been exceeded. However, the site contains a Trojan program called Troj/Borobt-Gen and attempts to install the malware onto the computer via a patchable flaw in Internet Explorer.

Once infected the computer becomes part of a botnet, a network of slave PCs that can be used to generate spam or take part in online denial of service attacks.

"There's loads of it about at the moment," said Carole Theriault, security consultant at Sophos. "The volume of spam is ramping up as the day progresses."

This is not the first time that self-styled 'king of pop' Jackson has been used as a hook by hackers. In 2004 a link purporting to show the singer's home videos used a similar tactic to infect PCs with the Hackarmy Trojan.

Hackarmy has been used repeatedly in this kind of attack, and has demonstrated the effectiveness of headline-grabbing spam by using hooks like Osama Bin Laden, American hostage Nick Berg and Arnold Schwarzenegger.

"We find that once this type of spam lands in employees' inboxes, all common sense about suspicious emails goes out the window," said Mark Herbert, founder of managed email security firm intY.

"Against their better judgement, people will follow the link that downloads a dangerous Trojan onto their computer. Businesses need to continually warn employees to be on their guard."