Initially, attacks were limited to unsophisticated spams, which contained no web site links or scripted payloads, according to Sophos. Instead, the spammers simply offered secret information about the star's death to the recipient, and invited a response back. Sophos deduced that the scammer was simply hoping to harvest email addresses.
F-Secure saw malware that it detected as Trojan.Win32.Buzus.bjyo begin to spread on Sunday night. The malware, which was distributed through sites including photos-google.com, was delivered as a file called Michael-www.google.com.exe which, when executed, dropped IRC bots with back door functions.
Another scam involved a spam mail that invited recipients to donate to the fictitious 'Michael Jackson Organization', and promised to publish information about how much had been donated via a
group.
Still more spam suggested that Jackson was not dead at all, and included an image that was peppered with random multicoloured lines to defeat antispam scanners. Clicking on the image took Web surfers to a pharmaceutical sales site.
The volume of searches referring to the pop star's death on Friday was so great that Google's automated systems thought that its servers were under attack. "As a result, for about 25 minutes yesterday, when some people searched Google News they saw a 'We're sorry' page before finding the articles they were looking for," the company said on its blog.
