NEWS FROM THE LAB - Monday, June 29, 2009

Michael Jackson Malware Posted by Mikko @ 08:36 GMT

There has been a couple of malware attacks that have tried to use the news coverage of the death of Michael Jackson as the lure to get people infected.

Last night we saw this one: a file called Michael-www.google.com.exe. This file was distributed through a site called photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites.

When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability. The file also shows this fake error message:

michael jackson malware

We detect the dropper and the backdoors as Trojan.Win32.Buzus.bjyo.