Michael Jackson X-file scam steals passwords

Spam email, Zbot hooks unwary Jacko fans

Security vendors have been reporting a wave of Michael Jackson spam emails designed to disseminate a Zbot banking password variant.

According to the PC Tools Threatfire blog, emails with the subject line: 'Michael Jackson Was Killed...' have been found in the security company's user community.

Within the messages recipients read:

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Security vendors have been reporting a wave of Michael Jackson spam emails designed to disseminate a Zbot banking password variant.

According to the PC Tools Threatfire blog, emails with the subject line: 'Michael Jackson Was Killed...' have been found in the security company's user community.

Within the messages recipients read:

"But Who Killed Michael Jackson? Visit X-Files to see the answer: (hxxp://xfiles link here)"

The link then redirects to a site hosted at 87.97.116.131. This is hosted in an x-file-esque directory "x-files/x-file-mjacksonkiller.exe", not live at the time of writing.

When the PC Tools users visited the site, it hosted a malformed pdf and Zbot banking password stealing variant.

PC users are reminded to keep updated third-party plugins such as PDF readers. It's never a good idea to run an executable file from an untrusted source, to click links in emails, or visit unknown sites.

PC security advice and reviews