June 30, 2009
Michael Jackson Spam Screenshot. Download image.
• Spammers exploit Michael Jackson death
• Virus steals bank account passwords with one click
BIRMINGHAM, Ala. - Cyber criminals are exploiting public interest in the death of singer Michael Jackson with spam messages that infect computers with a virus able to steal bank account numbers and passwords, according to Gary Warner, UAB's director of research in computer forensics. Warner and the other researchers at the UAB Spam Data Mine began tracking the celebrity-focused spam early on Tuesday, June 30.
"We've been tracking the cyber criminals behind this spam and the associated virus for many weeks, but it is just today that they have shifted their strategy by embedding their virus into an e-mail that claims to link you to a Web site that will reveal Michael Jackson's killer," Warner said.
"The spam related to this virus has taken many forms, including e-cards, shipment tracking links and, most recently, a fake update to Microsoft Outlook, but with the high interest in Michael Jackson's death the cyber criminals decided to change their delivery method to capitalize on that," he said.
The message in the Jackson virus spam reads "Michael Jackson was killed ... but who killed Michael Jackson." Warner said anyone who clicks on the message won't find an answer to the question.
"If you click on that e-mail and go to the page the cyber criminals have linked to the message, your computer is immediately infected with malware," Warner said.
Warner said once it is on a computer's hard drive, the malware will steal bank account information and passwords. The virus also will redirect certain Google searches performed on an infected computer, meaning the malware inserts links to other virus-infected pages into the top positions of search results. This means that search results that unsuspecting users would otherwise think valid are actually portals to other virus programs and malware, Warner said
About UAB
UAB computer forensics program is on the front lines of cyber crime and takes a three-part approach in its response to battling the problem. The first focus is on academic training to prepare the next generation cyber-crime investigators. The program also builds a public awareness of cyber crime while conducting research to develop cutting edge options for taking on cyber criminals.