Security vendors have been reporting a wave of Michael Jackson spam emails designed to disseminate a Zbot banking password variant.
According to the PC Tools Threatfire blog, emails with the subject line: 'Michael Jackson Was Killed...' have been found in the security company's user community.
Within the messages recipients read:
"But Who Killed Michael Jackson?
Visit X-Files to see the answer:
(hxxp://xfiles link here)"
The link then redirects to a site hosted at 220.127.116.11. This is hosted in an x-file-esque directory "x-files/x-file-mjacksonkiller.exe", not live at the time of writing.
When the PC Tools users visited the site, it hosted a malformed pdf and Zbot banking password stealing variant.
PC users are reminded to keep updated third-party plugins such as PDF readers. It's never a good idea to run an executable file from an untrusted source, to click links in emails, or visit unknown sites.