Within hours of the death of pop star Michael Jackson, spam trading on his demise hit in-boxes, a security firm said today as it warned that more junk mail was in the offing.
Just eight hours after news broke about Jackson, Abingdon, England-based Sophos PLC started tracking the first wave of Jackson spam, which used a subject line of “Confidential — Michael Jackson.” Spam incidents reportedly plummeted in early June. Prior to Jackson’s death, spammers were using the Swine Flu scare as a carrier of the malicious wares.
The spam wasn’t pitching a product or leading users to a phishing or malware Web site. Instead it was trying to dupe users into replying to the message in order to collect e-mail addresses and verify them as legitimate.
“The body of the spam message does not contain any call-to-action link such as a URL, e-mail or phone number,” said Sophos in its SophosLabs blog today.
“But the spammer can harvest receivers’ e-mail addresses via a free live e-mail address if the spam message is replied to.”
“Undoubtedly we’ll see more with Jackson,” said Graham Cluley, a Sophos senior technology consultant, today. “Actually, spammers and hackers have done Jackson before. Several years ago they pitched a breaking news story, claiming that he had attempted suicide.”
The timing of that campaign was not coincidental: It followed Jackson’s acquittal on charges in child sexual abuse.
“The news of his suicide attempt was believable,” said Cluley, who noted that scammers and hackers often trade on tragedies to get people to click links. In that case, users were hit with a hacker tool kit that tried several exploits against Internet Explorer.
“I wouldn’t be surprised to see hackers claiming that they have top-secret footage from the hospital, perhaps [allegedly] taken by the ambulance people, that then asks you to install a video codec,” said Cluley, talking about a common malware ploy.
Users who click on the supposed codec update link are, in fact, then infected with attack code, often a bot that hijacks their computer.
Users should also beware of results from searches they run using the singer’s name, said Cluley. “We’ve already seen search engine manipulation involving Farah Fawcett, who also died yesterday.
Criminals will create pages with keywords and news stories, sometimes even legitimate stories, to get to the top of the search lists,” Cluley continued. “When you go to one of those sites, you’ll get hit with malware.”
In the case of the Fawcett search engine manipulations, sites that gamed Google, for instance, led users to fake antivirus software sites, which lied to users, telling them that they were infected with malicious code.
Another tactic that cybercriminals have used with celebrity deaths, said Cluley, is what he called “tribute spam.”
“We saw this after Pope John Paul II died,” said Cluley. “Spammers sent out messages saying they were selling things like a tribute DVD, and, of course, asked for credit card details. You may never have gotten a DVD, but they had your credit card.”
Similar schemes may soon be launched to take advantage of the interest in Jackson. “If you want to buy some Jackson merchandise, do it from Amazon or iTunes, not some site you’ve never heard of,” urged Cluley.
Web traffic soars
Meanwhile Jackson’s unexpected death sent people rushing to the Internet to read news updates and share their feelings.
Web sites like Facebook, Twitter and Google all saw spikes in traffic in the hours after Jackson, the self-proclaimed King of Pop, was pronounced dead last Thursday at 5:26 p.m. Eastern time.
Akamai Technologies Inc., which tracks online traffic, noted that traffic to the hundreds of news sites it monitors, including those of CNN, Reuters and the BBC, jumped to more than 4.2 million visitors per minute.
That was up from 3 million visitors per minute in the hours before Jackson died.
The spike in traffic to news sites, while notable, didn’t make Akamai’s list of top 15 spikes over the past four years, according to Jeff Young, a spokesman for the Cambridge, Mass.-based Internet company.
For instance, shortly after U.S. Airways Flight 1549 landed safely in New York’s Hudson River, news site traffic leaped to 4.96 million visitors per minute.
And late in the day of the 2008 presidential election, traffic peaked at 8.57 million visitors per minute.
“It didn’t make the top 15, but it happened later in the day so East Coast people weren’t still at work,” said Young. “If you’re at home when news breaks, we still largely turn to television. If you’re at work, you turn to the Internet. This is still a big spike though.”
Akamai reports that news site traffic remained about 18 per cent higher than normal late this morning.
Traffic to social networking sites was also heavy following news of Jackson’s death.
A Facebook Inc. spokesman said this morning that the status updates of its users tripled within an hour of news that Jackson died and stayed close to that level for several hours.
Several Facebook pages devoted to Jackson and his passing popped up last night and attracted significant audiences.
For example, the “RIP Michael Jackson page” has so far drawn more than 234,000 fans since it was created last night. And a new page called “Michael Jackson RIP” already has more than 98,000 fans.
The performance of Twitter Inc.’s site was slowed last night, and its search feature was unavailable at times. Company officials did not respond to request for comment on the reasons for the slowdown. Over at Google Inc.’s search site, more than 50 of the top 100 searches were related to Jackson, according to Anne Espiritu, a Google spokesman.
“Millions of users around the world have been conducting searches related to Michael Jackson, and we saw a volcanic spike in Michael Jackson-related search queries,” she added.