Just hours after the death of pop star Michael Jackson, security vendors were tracking attempts to cash in on the event by spammers and malware writers.In a blog posting by security firm Sophos, the firm reported the first wave of spam messages "employing the sad news in the subject line and body part to harvest victims’ email addresses".The message sender claims to have information about Jackson's death that they want to share with the recipient. Although the body of the spam message does not contain any URLs or other call-to-action links, if replied to it will allow the spammer to harvest the user's email address, said Sophos.Rik Ferguson, senior security adviser at vendor Trend Micro, warned that any event of this magnitude would be expected to generate significant amounts of spam and malware."It always does – it happens with any newsworthy event, joyous or tragic, and Jackson's death is probably up there with Elvis," he said."We fully expect to see black hat SEO [search engine optimisation] activity and significant spam runs using the news as bait, because people are hungry for details."Black hat SEO manipulation attacks were launched soon after the death of actor Heath Ledger, and have already been seen since the death of actress Farrah Fawcett was announced.They involve hackers disguising malicious links as URLs to legitimate sites containing news about a high-profile event in order to push the results higher up the search listings."Hosted on is-the-boss domains (last seen in the H1N1 black hat SEO attack), the links that come up in search results redirect to other URLs that eventually land on all-too-familiar territory: a rogue antivirus download," said Trend Micro's Macky Cruz, in a posting on the Trend Micro blog."Users are advised to exercise extreme caution in searching for related news and information surrounding the deaths of these celebrities."However, some have accused the security vendors themselves of using the news for their own benefit.“Most internet users are intelligent enough to know that this is spam," argued Rakash Gupta, chief executive of PineAppUK."It is the industry’s responsibility to provide sensible, intelligent advice that allows computer owners to accurately assess their risks. With the right solution in place, security is not something to be afraid of. Yet again we urge the industry to stop the gimmicks.”
Issue: 322 | December 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.