
Spammers use bombing video as lure to infect PCs with malware

Posted by Geraldine Hunt on Wed, Apr 17th, 2013

The Boston bombing claimed the lives of three innocent people on Monday. This tragic incident is already being used by cybercriminals in an attempt to lure people into clicking malicious links embedded in emails with subject lines related to the bombing. In SpamTitan quarantine reports, some of the email titles we have been seeing include “Boston Explosion caught on video” or “Explosion at Boston Marathon”, containing links that suggest they are pointing to news websites. Unsuspecting users who click on the links are taken to a page that displays YouTube videos covering the bombings.

While there’s nothing malicious about the clips themselves, after a 60-second delay, the website prompts victims to download an executable file called “boston.avi____exe”. Once it infects a computer, this piece of malware attempts to connect to several IP addresses in Taiwan, Argentina and Ukraine. SpamTitan users are protected from these types of attacks. SpamTitan blocks the attack using multi-level detection including antispam, Bayesian analysis and antivirus (AV). The double antivirus in SpamTitan detects the downloaded file and isolates it.
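A file name such as “boston.avi____exe” puts a familiar media extension in front of the real executable suffix. The following is an added example, not SpamTitan code: a small filter a mail or web gateway rule could apply to attachment and download names. It goes beyond the single name quoted above by also covering dot and whitespace padding; the extension lists and function names are assumptions.

```python
import re

# Assumed lists for this example; tune them to local policy.
DECOY_EXTS = {"avi", "mp4", "mov", "wmv", "jpg", "png", "pdf", "doc", "docx"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}

# ".<decoy>" + a run of dots, underscores or whitespace + "<real>" at the end.
_MASQUERADE = re.compile(
    r"\.(?P<decoy>[a-z0-9]{2,4})(?P<pad>[\s._]+)(?P<real>[a-z0-9]{2,4})$"
)


def classify_filename(name):
    """Return 'padded-extension', 'double-extension', 'executable' or 'ok'."""
    cleaned = name.strip().lower()
    m = _MASQUERADE.search(cleaned)
    if m and m["decoy"] in DECOY_EXTS and m["real"] in EXEC_EXTS:
        # A single dot is the classic "video.avi.exe"; anything longer is
        # padding that blurs the real suffix, as in the lure described above.
        return "double-extension" if m["pad"] == "." else "padded-extension"
    _, sep, ext = cleaned.rpartition(".")
    if sep and ext in EXEC_EXTS:
        return "executable"
    return "ok"


def flag_suspicious(names):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    verdicts = ((n, classify_filename(n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]


# Constructed sample input: the first name is the one quoted in the post,
# the rest are made up for illustration.
SAMPLE_NAMES = [
    "boston.avi____exe",
    "clip.AVI.exe",
    "invoice.pdf      .scr",
    "setup.exe",
    "marathon.avi",
    "backup.tar.gz",
]

if __name__ == "__main__":
    for name, verdict in flag_suspicious(SAMPLE_NAMES):
        print(f"{verdict:18} {name!r}")
```

A name-based check like this complements content scanning; it does not replace it, since a renamed executable with a plain media extension passes this filter.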

Events that get widespread attention will see cybercriminals attempting to capitalize on the event.

Anytime there is widespread attention to a single event, you will see parasitic cybercriminals attempting to capitalize on the event. While many people with powerful anti-spam and email security solutions in place will not see these emails, there are many companies without adequate email security whose end users will receive these messages and inadvertently click. This type of attack preys on that human element. The reaction to the Boston bombings is an example of this – the dust has barely settled on the streets of Boston, and spammers and other cybercriminals are launching their own assault on those interested in getting more information about the tragic event.

The SANS Technology Institute’s Internet Storm Center (ISC) has also issued an advisory to warn users about fake domains registered shortly after the attack in Boston. The ISC’s John Bambenek reports that at least 234 potentially fake domains have been registered. “Some of these are just parked domains, some are squatters who are keeping the domains from bad people. A couple are soliciting donations,” said Bambenek.

Some basic rules to avoid falling victim to scams:

  • Don’t click on links or attachments that arrive in unsolicited emails.
  • Beware of new websites related to the event, especially charities and news sites.
  • Don’t donate money to charities you don’t trust.
  • Don’t trust any unsolicited email, ever.
  • Never “unsubscribe” from a service you haven’t subscribed to in the first place. You are literally handing your email address to spammers to use for future and possibly more targeted attacks.
  • Thoroughly check out an organization before giving it any money.
  • Avoid forwarding, sharing or retweeting suspicious emails or posts, especially if they contain links.

Criminals are using a variety of formats, including emails containing links to malware-infected sites and emails containing infected attachments. People are actively searching online for information about the recent bombing, and this demand for information offers an opportunity for cybercriminals. The spammers’ intention is not to share information about the bomb blast but to exploit a terrible tragedy to spread malware. Don’t fall prey to such despicable acts!
