Michael Jackson has been dead for a week already, but there are still a lot of speculations regarding his death. The spam runs are plenty as well — a Michael Jackson-related spam was seen bearing the subject Who killed Michael Jackson? , coming from a sender named x-files.
The spam message suggests that the icon was killed, and that information on who murdered him can be seen on the given URL.
Clicking the said link leads to a website, where the user is asked to execute a file, which supposedly contains secret information, in order to find out who killed Michael Jackson.
But of course, the executable is not at all related to Michael Jackson’s murderer, or to Michael Jackson at all, as the file is really an data-stealer detected by Trend Micro as TROJ_ZBOT.AXY. The Trojan TROJ_ZBOT.AXY connects to a certain URL where it downloads a configuration file containing a list of banking-related websites. Once the user attempts to visit any of the listed sites, a spoofed site is displayed instead of the real one, thus any critical information entered on the spoofed site will be sent to a remote user.