Tuesday, July 21, 2009
Michael Jackson Malware is Not Dead Posted by Mikko @ 07:50 GMT

Michael Jackson is dead and buried, but we continue to see malware using his name.

Like this one, which was spammed out in an attachment called MichaelJackson.jpg.exe.

When opened, the executable drops a Mirc-based IRC bot and displays this image on screen:

Michael Jackson

After this, the malware connects to an IRC-server in Germany called corina.ath.cx and starts accepting commands from channel #bran.

We detect this file (MD5: 60bbc36c17edb0fb4724046655237ab8) as a Zapchast variant.

<<< Q & A on "Sexy View" SMS worm
Real-world Viruses vs Computer Viruses >>>