Published June 30, 2009
SAN JOSE, Calif. – Minutes after any big celebrity dies, Internet swindlers get to work. They pump out specially created spam e-mails and throw up malicious Web sites to infect victims' computers, hoping to capitalize on the sudden high demand for information.
Michael Jackson's death was no different, and security experts say the fraud artists are just getting started.
The scams started cropping up almost instantaneously as Jackson's death was still hitting the news. As days have gone by, they've gotten more sophisticated — and dangerous.
Jackson's death "took a lot of people by surprise — the spammers, too," said Dermot Harnett, principal analyst for anti-spam engineering at Symantec Corp., a security software maker. "It might take them some time to really pounce on this issue. They are catching up pretty quickly, though."
Any major world event, such as the recent protests in Iran, triggers a barrage of Internet attacks. Security experts say the malicious traffic associated with Jackson's death will likely match and perhaps exceed those of other big spamming campaigns, such as those connected with the swine flu outbreak and Saddam Hussein's execution.
Spam is the most common way for fraudsters to find victims after these types of events. They can use a shotgun approach with a boilerplate message about Jackson, taking advantage of people's interests in the topic to improve their batting average over their usual spam campaigns.
By enticing users with such messages and tricking them into clicking on e-mail attachments, scammers can easily infect victims' computers and take command of them for more nefarious activities.
The spam about Jackson's death gets more convincing every day.
One message promises a YouTube video showing the exclusive "last work of Michael Jackson." Instead, victims get a malicious program that steals their passwords. Another promises to show the "latest unpublished photos" of Jackson if you click on a link — one that also tries to install a password-stealing program on your machine.
Others purport to be from legitimate news outlets and may contain accurate enough information to convince viewers they're real enough to click on. Others promise access to secret songs.
The effects of specific spam campaigns, like the one surrounding Jackson's death, are hard to quantify, though. Spam levels are already so high that there might not be a noticeable increase in overall spam levels, Harnett said. By some estimates spam accounts for more than 90 percent of all e-mail sent around the world, though the bulk of the messages get filtered out before ever reaching the user.
Celebrity deaths are a gold mine for criminals because lots of people go online looking for news. Google Inc. says the spike in searches for news stories about Jackson's death was so sharp the company initially mistook it for an automated attack.
Many of the information-seekers can be tricked, via e-mail, into visiting malicious Web sites. That opens the door to all kinds of nastiness, like spying on what someone's typing or using the hijacked machine to send spam.
There are also so many more Web sites about celebrities after their deaths that it's hard to figure out which ones are legitimate fan sites, and which ones were created by criminals.
Registrations of domain names related to Jackson have spiked since the pop icon died Thursday afternoon. A leading registration company, GoDaddy.com, said it registered about 7,500 such names since then. Actress Farrah Fawcett, who died the same day, got about 100 domains in the same period. GoDaddy said, however, that it had yet to get any complaints that any of those addresses were used for scams.
Within minutes of Jackson's death hitting the news, scammers started sending out spam e-mails with links purportedly to provocative news stories or videos about Jackson. The news stories, of course, never appear. Instead, people who click on those links are often directed to sites that try to install viruses.
Another thing to remember: It's not wise even to just "check out" a link you're interested in if you suspect the site might be bogus. Sometimes just visiting a malicious Web site is enough to get you infected, and you don't need to actively download anything at all.
Many scams do ask people to download a video player or other piece of software — supposedly so they can see the video or hear the audio — that winds up being a piece of malicious software.
The lesson for users is, as always, avoid unsolicited links from senders you don't know, and don't install any programs that an unknown site is telling you need.