RSS feed of TRACElabs Blog from M86 Security

Malicious Michael Jackson Spam

 

June 30, 2009

Last night we began to see malicious spam sent from the Pushdo botnet with a Michael Jackson/X-Files theme. The spam message asks the question 'Who killed Michael Jackson?' then provides a link that will supposedly give you the answer.

 

 

Clicking on the link leads to the page shown below, which contains a link to the file 'x-file-MJacksonsKiller.exe'. This is actually the ZBot password-stealing Trojan horse, which the Pushdo botnet has been distributing heavily over the last couple of weeks.

 

 

Although this web page may look nice with its matrix-like animation, behind the scenes it attempts to install ZBot on visitors' machines using either the MS06-014 (MDAC) exploit if the browser is Internet Explorer, or a malicious PDF file if the browser is Firefox.

We have provided a list of domains that we have seen hosting these websites for administrators who wish to block them.
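For administrators reviewing proxy logs, the sketch below is an added example, not code from TRACElabs. It finds hosts that served the executable named above, then lists every client that touched those hosts, labelled by the browser-dependent path the post describes. The log layout, the `example.test` hosts, the function names and the finding labels are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

LURE_FILE = "/x-file-mjacksonskiller.exe"  # filename named in the post, lowercased

# Assumed (constructed) log layout: timestamp client method url "user-agent"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')

# Constructed sample traffic; example.test hosts are placeholders, not real indicators.
SAMPLE_LOG = """\
2009-06-30T08:01:12 10.0.0.5 GET http://lure.example.test/ "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
2009-06-30T08:01:13 10.0.0.5 GET http://lure.example.test/doc.pdf "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
2009-06-30T08:02:40 10.0.0.9 GET http://lure.example.test/x-file-MJacksonsKiller.exe "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
2009-06-30T08:03:05 10.0.0.11 GET http://lure.example.test/ "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
2009-06-30T08:05:00 10.0.0.7 GET http://intranet.example.test/report.pdf "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
"""

def parse(log_text):
    """Yield (client, host, path, user_agent) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _ts, client, _method, url, ua = m.groups()
            parts = urlsplit(url)
            yield client, (parts.hostname or "").lower(), parts.path.lower(), ua

def hunt(log_text, blocked_hosts=()):
    """Map each client to the set of findings for traffic to lure hosts."""
    records = list(parse(log_text))
    # Seed with the administrator's own blocklist, then add any host
    # observed serving the lure executable.
    bad_hosts = {h.lower() for h in blocked_hosts}
    bad_hosts |= {host for _, host, path, _ in records if path.endswith(LURE_FILE)}
    findings = defaultdict(set)
    for client, host, path, ua in records:
        if host not in bad_hosts:
            continue
        if path.endswith(LURE_FILE):
            findings[client].add("lure-exe-requested")
        elif path.endswith(".pdf") and "Firefox/" in ua:
            findings[client].add("firefox-pdf-fetched")
        elif "MSIE" in ua:
            findings[client].add("ie-visit-check-ms06-014-patch")
        else:
            findings[client].add("visited-lure-host")
    return dict(findings)
```

Pass the blocked domain list as `blocked_hosts` to also catch clients that reached a lure host before anyone on the network requested the executable.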

As we mentioned in our last blog, avoid opening or clicking on links relating to outrageous claims about celebrities.   


Last Reviewed: July 1, 2009 by Gavin Neale