With a malicious spam campaign, blackhat SEO search-results poisoning that is serving scareware within the first 100 search results for Michael Jackson's death, and an opportunistic participant in Zango adware's network using typosquatting, malicious activity is likely to increase during the next couple of days.
Here are more details on the campaigns currently in circulation:
A second, non-malicious spam campaign using a Michael Jackson theme is being sent from legitimate email accounts in a desperate and amateurish attempt to harvest the email addresses of those who reply, a practice that has become obsolete over time given the much more sophisticated email harvesting techniques spammers have in a Web 2.0 world.
- Go through related event-based social engineering campaigns serving malware: Fake CNN news items malware campaign spreading rapidly; Fake Microsoft patches themed malware campaigns spreading; Fake "Conficker Infection Alert" spam campaign circulating; Cybercriminals hijack Twitter trending topics to serve malware; Cybercriminals syndicating Google Trends keywords to serve malware; Swine flu email scams circulating; The Web’s most dangerous keywords to search for
Based on the historical performance of this Ukrainian group of cybercriminals, the number of keywords and phrases using Michael Jackson as a theme will inevitably increase during the weekend.
Apart from the several registered typosquatted domains offered for sale, one domain (michael-jackson-is-dead (dot) net) is promoting a "shocking video" which in reality is a Zango adware toolbar.
Mixing social engineering with different traffic acquisition tactics, such as combining potentially popular keywords/phrases with pushing the malicious content through spam, is opportunistic cybercrime as usual. However, with the Web feeling the "Michael Jackson effect" -- Twitter killing features and Google issuing anti-worm activity CAPTCHA messages for related searches -- even a badly structured and executed malware campaign will succeed due to the huge anticipated traffic, unless a little bit of extra common sense is in place.
Whether it's bad news or good news, for cybercriminals it's always news items to hijack and serve malicious content through.