Thanks Sherry, I have (l)users that would go there!

Jon

On Fri, Jun 26, 2009 at 10:49 AM, Sherry Abercrombie <[email protected]> wrote:

> We received this notification from Websense this morning. I thought it
> was pertinent information that should be passed on.
>
> *From:* Websense Security Labs [mailto:[email protected]]
> *Sent:* Friday, June 26, 2009 7:09 AM
> *To:* Duke, Brian
> *Subject:* Security Alert: Michael Jackson Death Prompts Malicious Spam
>
> Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered spam
> emails offering recipients links to unpublished videos and pictures of
> singer Michael Jackson. According to news
> reports <http://edition.cnn.com/2009/SHOWBIZ/Music/06/25/michael.jackson/index.html>
> Michael Jackson's death was confirmed yesterday.
>
> The spam email appears to offer a link to a YouTube video, but instead
> sends the recipient to a Trojan Downloader hosted on a compromised Web site.
> The file offered is called *Michael.Jackson.videos.scr* (MD5:
> 664cb28ef710e35dc5b7539eb633abca). This file is located on a legitimate Web
> site hosted in Australia belonging to a radio broadcasting station. Upon
> executing the file, a legitimate Web site at
> http://musica.uol.com.br/ultnot/2009/06/25/michael-jackson.jhtm is opened
> by the default browser in order to distract the user by presenting a news
> article for them to read.
>
> In the background, three further information-stealing components are
> downloaded and installed by the malware. One of the downloaded files is
> called *michael.gif*, which has low AV detection rates - see VT results
> here <http://www.virustotal.com/analisis/67cba7b9d91e1cbcac0f22b5f4bcf12f4b07a1a62d7d3018e28ccd5ee93e0ce4-1246012313>.
> The malware then installs a malicious BHO that is registered with this file
> *%windir%/Dynamic.dll* and this GUID
> {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}. Another component is bound to
> startup at *%windir%\system32\kproces.exe*. Another malicious file
> installed by the malware is *%windir%\system32\fotos.exe*.
>
> Websense® Messaging and Websense Web Security customers are protected
> against this attack.
>
> To view the details of this alert Click
> here <http://securitylabs.websense.com/content/Alerts/3426.aspx>
>
> Protected by Websense Hosted Email Security — www.websense.com
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
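
A host check for the indicators listed in the quoted Websense alert, added here as an example and not part of the original thread or of Websense's tooling. The indicator values come from the alert; the BHO registry location is the standard Internet Explorer one, and the `$ScanRoot` folder and PowerShell 4 or later are assumptions.

```powershell
# Indicator values are copied from the Websense alert quoted above.
# $ScanRoot is an assumption: the folder tree to search for the dropper by hash.
$ScanRoot   = Join-Path $env:SystemDrive 'Users'
$DropperMd5 = '664cb28ef710e35dc5b7539eb633abca'   # Michael.Jackson.videos.scr
$BhoClsid   = '{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}'
$Dropped    = 'Dynamic.dll', 'system32\kproces.exe', 'system32\fotos.exe' |
    ForEach-Object { Join-Path $env:windir $_ }

$findings = @()

# 1. Files the alert says the malware installs.
foreach ($path in $Dropped) {
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Indicator = 'Dropped file'; Location = $path }
    }
}

# 2. BHO registration: Internet Explorer's standard BHO key, native and 32-bit views.
$bhoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($root in $bhoRoots) {
    $key = "$root\$BhoClsid"
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Indicator = 'BHO registration'; Location = $key }
    }
}

# 3. Copies of the dropper, matched by MD5 so a renamed file is still found.
$screensavers = Get-ChildItem -LiteralPath $ScanRoot -Recurse -Force -File `
    -Filter '*.scr' -ErrorAction SilentlyContinue
foreach ($file in $screensavers) {
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5 `
        -ErrorAction SilentlyContinue).Hash
    if ($hash -eq $DropperMd5) {   # -eq on strings is case-insensitive
        $findings += [pscustomobject]@{ Indicator = 'Dropper (MD5 match)'; Location = $file.FullName }
    }
}

# Report: one row per indicator found, or a single line when the host looks clean.
if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No indicators from the alert were found on this host.'
}
```

Run it from an elevated prompt so the registry and other users' profile folders are readable; a clean result only covers the indicators named in the alert.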
