Michael Jackson is dead and buried, but we continue to see malware using his name.

Like this one, which was spammed out in an attachment called MichaelJackson.jpg.exe.

When opened, the executable drops a Mirc-based IRC bot and displays this image on screen:



After this, the malware connects to an IRC-server in Germany called corina.ath.cx and starts accepting commands from channel #bran.

We detect this file (MD5: 60bbc36c17edb0fb4724046655237ab8) as a Zapchast variant.