Michael Jackson Video Leads to Malware Download

Cybercriminals once again used the passing of Michael Jackson, the ‘King of Pop,’ a few days ago as an opportunity to go about with their malicious activities and attack innocent users.
We spotted an email (see Figure 1 below) about Michael Jackson’s death written in Spanish claiming to be from CNN Mexico.

Upon closer analysis (see Figure 2 above), we found that the sender of the email isn’t valid – info@hi5.com which is a spammed sender. The email also contained accurate information about Michael Jackson, buying itself credibility in order to lure users into clicking the links contained within the message.
The said email also contained a suspicious-looking link to an ‘exclusive CNN video’ about the event. Most of the other links on the spammed message were inaccessible and could not display the correct website. But one link—el sitio en internet TMZ (translated to English: ‘found in the TMZ website’)—which was a link to the site where the video is supposedly hosted but it redirects the user to another malicious site—http://{BLOCKED}.com/openbb/avatars/imagen/CNN/indexx.php. The threat in the said page is detected by Trend Micro as HTML_DLOADR.ARM. (continue reading...)