Miley Cyrus is fine. Beyoncé did not perish in a plane crash. Brad Pitt did not meet an untimely demise. Everyone take a deep breath and–whatever you do–do NOT click on any file or link that arrives as a part of a sensational e-mail declaring a celebrity death.
A Symantec spokesperson reported via e-mail that Symantec is “currently tracking an eruption on the spam ring of stories of celebrities dying in plane crashes or car accidents.” The strategy of exploiting hyperbolic news headlines–whether fiction or reality–is part of the standard malware playbook. Gullible users continue to fall for the oldest spam trick in the book, though, which is why it is still used so frequently.
If the spam arrives anything like the way these attacks hit my wife’s computer, a user would have to be a whole new level of gullible to fall prey. Receiving an e-mail claiming that Tom Cruise is dead might be inviting, but when your inbox is inundated with ten or fifteen messages in a row–each with essentially the same subject line declaring various celebrities dead–it should be a glaring signal that something isn’t right.
The content of the e-mail is also a strong indication that the message is a malicious spam attack for all but the most naïve users. One message my wife received, with the subject line “Miley Cyrus died”, reads “Alicia Keys died along with 34 other people when the Air Force CT-43 “Bobcat” passenger plane carrying the group on a trip crashed into a mountainside while approaching the Dubrovnik airport in Croatia during heavy rain and poor visibility.”
I don’t expect everyone to know the history of military aircraft crashes off the top of their head, but this spam attack is actually distorting a real-life crash in an attempt to lend an air of credibility to the report. A US Air Force CT-43 (a modified Boeing 737) did, in fact, crash in inclement weather on approach to Dubrovnik airport in Croatia. However, the real crash occurred in April of 1996 and killed US Secretary of Commerce Ron Brown and 34 other passengers–not Jay-Z or Jennifer Aniston.
Even without knowing that bit of airplane tragedy trivia, though, the fact that the subject line mentions Miley Cyrus but the message content starts off with Alicia Keys is a tip-off that perhaps the e-mail is not legitimate. If you get past that point, you have to wonder what Miley Cyrus (or Alicia Keys…or both) were doing on an Air Force transport plane flying into Croatia.
If gullible or naïve users fall for the bait and click on the file attachment, there is a good chance the computer will be compromised with malware. A Symantec Security Response blog post explains that “Upon opening the zipped attachment named ‘[REMOVED]Hot News.zip,’ we find an executable. The malicious content is detected as Trojan.Zbot by Symantec antivirus products.”
Once again, this malicious spam campaign demonstrates why IT admins need to make sure users have security awareness training. Most of computer security boils down to being informed and exercising common sense. No amount of security tools or antimalware defenses can make up for ignorance or user error.