Yesterday, amid the heavy Michael Jackson news coverage and tabloid autopsy speculations, another round of email was spammed out with the following text:
Michael Jackson Was Killed…
But Who Killed Michael Jackson?
Visit X-Files to see the answer:
(hxxp://xfiles link here)
The link redirected to a site hosted at 87.97.116. 131 in an x-file-esque directory “x-files/x-file-mjacksonkiller.exe”, which is currently down. The site hosted a malformed pdf and Zbot banking password stealing variant. The ThreatFire community prevented the file in very low prevalence, so very few users are falling for this sort of shameless scam. But we remind you to always think twice before running an unknown executable or visit an untrusted site (the url for this one is most likely not a domain one would recognize: jillih. com), regardless of the news. And update third party plugins on your system like pdf readers.
Update (7/8/09): hooks added to the Zbot code described here.
i need the direct link to the downloading page to send it to a friend
can’t seem to connect to 87.97.116 .131
Florin – thanks for the interest. Hmmm, are you kidding around perhaps? Either way, we don’t recommend visiting the malicious site that we described in the post. Besides, we believe that Zbot is no longer hosted at the site, it’s been months since we posted that info.