Keep your PC secure of Michael Jackson’s YouTube Video Spam
Unfortunate event of sudden death of Michael Jackson has been targeted by cyber criminals to campaign malicious code. It’s indeed sad to know that cyber criminals often rely on some of the most unfortunate events to promote their ill motives and agendas.
According to Websense Security Labs ThreatSeeker Network, cyber criminals are
However, what it really does is, sends the recipient to a Trojan Downloader hosted on a malicious Website.
The Malicious Website
- The file offered is called Michael.Jackson.videos.scr.
- This file is located on a legitimate Website hosted in Australia belonging to a radio broadcasting station.
- Upon executing the file, a legitimate Website at http://musica.uol.com.br/ultnot/2009/06/25/michael-jackson.jhtm is opened by the default browser in order to distract the user by presenting a news article for them to read.
What does it do?
- It downloads and installs three information-stealing components on the victims PC. Websense’s Security labs says that one of the downloaded files is called michael.gif, which has low AV detection rates.
- The malware then installs a malicious BHO that is registered with this file %windir%\Dynamic.dll and this GUID {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}.
- Another component is bound to startup at %windir%\system32\kproces.exe.
- Another malicious file installed by the malware is %windir%\system32\fotos.exe.
So be careful while you watch MJ videos! Ironically, now is not the right time.
