It's inevitable now, with any high-profile news event that there will be spam and malware campaigns to take advantage of them. Thus it has been with the death of Michael Jackson.

F-Secure reports that there have been a couple of malware campaigns and they show an example of one of them, which they detect as Trojan.Win32.Buzus.bjyo.

There is nothing technically interesting about these attacks. They are mundane, pedestrian Trojan droppers. The one F-Secure writes up is a file named Michael-www.google.com.exe. This file has been distributed through photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Don't visit these sites.

If you run Michael-www.google.com.exe it drops reptile.exe and winudp.exe, which are backdoor IRC bots, and which display a fake error message dialog box: "Picture cannot be displayed."

There have been others and there will be more and they're not all worth writing about. The important thing is that you be skeptical of links and sites that play on hot news topics, especially from search engines, since we know well how these can be manipulated to serve malicious results.

Don,

This just shows that there's a sucker born every minute.  Users know not to execute remote files, but then forget about it when a celebrity dies?  I think I'd be prone to fire any users that fell for this.  For one they're using company resources to research the Jackson death.  I'm guessing this is against policy.  How much leeway should you give a user who violates company IT policy and compromises the network at the same time?