After tricking users into viewing ads through a Facebook scam, cybercriminals are again capitalizing on Steve Jobs’s death through malicious spam.
We were able to find spam that contain the text, “Steve Jobs Alive” or “Steve Jobs Not Dead.”
Another Steve Jobs-related spam we saw was written in Portuguese, which includes a short text about his death:
The text in the message above roughly translates to the following:
Subject: Creator of Steve Jobs of Apple’s Mac, iPod and iPad dies
Steve Jobs, died of cancer aged 56
The death of Steve Jobs left an orphan of most of his creations, the Apple, a company shaped in accordance with their technological dreams and now faces the challenge of surviving in the absence of its visionary leader.
More news portal in direct U.S. in Portuguese
[LINK]
All of the said messages came with a link that when clicked redirects users to a blank site. We were unable to continue our analysis at this point. In cases like this, however, a blank page is rarely ever truly blank and is often a sign that something else is happening in the background, away from the user’s view. For this particular attack, we found reports suggesting that the said site previously contained a script that loads the BlackHole Exploit kit.
We are currently monitoring all of the sites for any further development. Trend Micro product users are already protected from this threat, as the spam and the URLs are already being blocked with the aid of the Trend Micro™ Smart Protection Network™.
Based on Smart Protection Network spam data for the first half of 2011, the volume of traditional spam has been decreasing though these are still being regularly used for malicious schemes. Attacks that involve spam heavily rely on social engineering techniques as well as more advanced methods that render IP blacklisting and content filtering insufficient. For more information on the state of spam and how Trend Micro protects product users from this type of threat, please check out our security focus report, “Spam in Today’s Business World.”
