Computer security firm Sophos issued a warning about an Internet virus transmitted from a mass email claiming to contain secret songs and photos of Michael Jackson.

The email comes with the subject "Remembering Michael Jackson" and is sent from "sarah@michaeljackson.com", Sophos said in a statement sent by its Asia office in Singapore.

It tells recipients that an attached file titled "Michael songs and pictures.zip" contains secret songs and photos of the pop music icon, who died of a heart attack in the United States on June 25.

Sophos warned computer users not to open the attachment.

"By opening the attachment, computer users are exposed to infection. Once infected, a computer will begin automatically spreading the worm onto other Internet users," Sophos said.

"Besides spreading via email, Sophos experts note that the malware is also capable of spreading as an Autorun component on USB memory sticks."

Graham Cluley, a senior technology consultant at Sophos, said many computer users are likely to be tempted to open the attachment because of the feverish interest in the King of Pop's sudden death.

"But sensible computer users should by now be well aware that cybercriminals will be quick to exploit news events to spread malware and spam," he said.

"Anyone who receives this email should delete it immediately to save themselves the embarrassment of infecting their email contacts."

Our Comment: Never open attachments from people you don't know or aren't expecting. It never ends well.

Original Article

Posted by Nancy Pursley in Virus & AntiVirus News at 11:59

Spammers are pumping out an increasing number of garbage messages as they regain their capacity to send spam through hacked PCs, according to the latest statistics released by Google on Wednesday.

Google releases quarterly statistics from its Postini antispam group. For the second quarter, spam volumes are up 53 percent over the first quarter of this year, said Adam Swidler, product marketing manager for Google Enterprise.

Compared to the same period a year prior, spam volumes are up 6 percent. Google posted more information about spam on its enterprise blog.

Google filters around 3 billion to 3.5 billion spam messages a day for its 50,000 or so customers. Spam volumes have been increasingly erratic as some ISPs notorious for allowing spammers to use their infrastructure have been taken offline, Swidler said.

Last month, the U.S. Federal Trade Commission persuaded a federal court to issue a temporary restraining order to shut down Pricewert, an ISP that did business under the names 3FN and APS Telecom. The FTC said Pricewert was entwined with child pornographers, hackers and malicious software developers.

Swidler said Google immediately noticed a 30 percent drop in spam following the shutdown. Pricewert's closure cramped spammers' capacity to send spam through compromised home computers that form botnets.

Posted by Nancy Pursley in Virus & AntiVirus News at 08:32

The settlement must still be approved by a court

The Federal Trade Commission has suspended the majority of a judgment levied against two defendants accused of selling bogus security software to up to 1 million consumers.

James Reno and his Web hosting company, ByteHosting Internet Service of Ohio, now have to forfeit $116,697, just a fraction of the $1.9 million the judgment had originally required Reno and the company to pay. The settlement must still be approved by a court, the FTC said.

The rest of the penalty was suspended because the defendants wouldn't be able to pay it all, the agency said. However, if it is found that Reno and the company misrepresented their assets, they will have to pay the full amount.

More than $100,000 in assets were frozen after a federal court issued a temporary restraining order in December following the FTC complaint. Among other conditions, the court ordered six people and two companies to stop advertising so-called "scareware" security programs under the names WinFixer, WinAntivirus, DriveCleaner, ErrorSafe and XP Antivirus.

The applications are sold via deceptive pop-up ads that falsely alert people that their PCs have security problems, badgering them with warnings until they buy the software, which can cost around $40.

The FTC complaint asked hosting providers to prevent people from accessing the Web sites that host the programs. The FTC asked the court to force the defendants to forfeit money from the scam and compensate consumers.

Posted by Nancy Pursley in Virus & AntiVirus News at 09:44

Minutes after any big celebrity dies, Internet swindlers get to work. They pump out specially created spam e-mails and throw up malicious Web sites to infect victims' computers, hoping to capitalize on the sudden high demand for information.

Michael Jackson's death was no different, and security experts say the fraud artists are just getting started.

The scams started cropping up almost instantaneously as Jackson's death was still hitting the news. As days have gone by, they've gotten more sophisticated — and dangerous.

Jackson's death "took a lot of people by surprise — the spammers, too," said Dermot Harnett, principal analyst for anti-spam engineering at Symantec Corp., a security software maker. "It might take them some time to really pounce on this issue. They are catching up pretty quickly, though."

Any major world event, such as the recent protests in Iran, triggers a barrage of Internet attacks. Security experts say the malicious traffic associated with Jackson's death will likely match and perhaps exceed those of other big spamming campaigns, such as those connected with the swine flu outbreak and Saddam Hussein's execution.

Spam is the most common way for fraudsters to find victims after these types of events. They can use a shotgun approach with a boilerplate message about Jackson, taking advantage of people's interests in the topic to improve their batting average over their usual spam campaigns.

By enticing users with such messages and tricking them into clicking on e-mail attachments, scammers can easily infect victims' computers and take command of them for more nefarious activities.

The spam about Jackson's death gets more convincing every day.

One message promises a YouTube video showing the exclusive "last work of Michael Jackson." Instead, victims get a malicious program that steals their passwords. Another promises to show the "latest unpublished photos" of Jackson if you click on a link — one that also tries to install a password-stealing program on your machine.

Others purport to be from legitimate news outlets and may contain accurate enough information to convince viewers they're real enough to click on. Others promise access to secret songs.

The effects of specific spam campaigns, like the one surrounding Jackson's death, are hard to quantify, though. Spam levels are already so high that there might not be a noticeable increase in overall spam levels, Harnett said. By some estimates spam accounts for more than 90 percent of all e-mail sent around the world, though the bulk of the messages get filtered out before ever reaching the user.

Celebrity deaths are a gold mine for criminals because lots of people go online looking for news. Google Inc. says the spike in searches for news stories about Jackson's death was so sharp the company initially mistook it for an automated attack.

Many of the information-seekers can be tricked, via e-mail, into visiting malicious Web sites. That opens the door to all kinds of nastiness, like spying on what someone's typing or using the hijacked machine to send spam.

There are also so many more Web sites about celebrities after their deaths that it's hard to figure out which ones are legitimate fan sites, and which ones were created by criminals.

Posted by Nancy Pursley in Virus & AntiVirus News at 09:10