The Boston bombing claimed the lives of three innocent people on Monday. This tragic incident is already being used by cybercriminals in an attempt to lure people into clicking malicious links embedded in emails with subject lines related to the bombing. In SpamTitan quarantine reports, some of the email titles we have been seeing include “Boston Explosion caught on video” or “Explosion at Boston Marathon”, containing links that suggest they are pointing to news websites. Unsuspecting users that click on the links are taken to a page that displays YouTube videos covering the bombings.
While there’s nothing malicious about the clips themselves, after a 60-second delay, the website prompts victims to download an executable file called “boston.avi____exe”. Once it infects a computer, this piece of malware attempts to connect to several IP addresses in Taiwan, Argentina and Ukraine. SpamTitan users are protected from this type of attack. SpamTitan blocks the attack using multi-level detection including antispam, Bayesian analysis and antivirus (AV). The double antivirus in SpamTitan detects the downloaded file and isolates it.
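The download name above pairs a video extension with padding and a trailing executable extension. The following is an added example, not SpamTitan's detection logic, showing how a mail or web filter could flag that naming pattern; the extension lists and all sample names other than “boston.avi____exe” are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed lists: extensions a lure pretends to be, and ones Windows will run.
DECOY_EXTS = ("avi", "mp4", "mov", "wmv", "mpg", "jpg", "png", "pdf", "doc", "docx")
EXEC_EXTS = ("exe", "scr", "com", "pif", "bat", "cmd")

# decoy extension, then padding (spaces, underscores, dots, hyphens),
# then an executable extension at the very end of the name.
_PATTERN = re.compile(
    r"\.(?P<decoy>%s)(?P<pad>[\s_.\-]+)(?P<real>%s)$"
    % ("|".join(DECOY_EXTS), "|".join(EXEC_EXTS)),
    re.IGNORECASE,
)

def check_filename(name):
    """Return a finding dict if the name hides an executable extension, else None."""
    # NFKC folds full-width and other compatibility characters to plain forms.
    cleaned = unicodedata.normalize("NFKC", name).strip()
    match = _PATTERN.search(cleaned)
    if match is None:
        return None
    return {
        "name": name,
        "decoy": match.group("decoy").lower(),
        "real": match.group("real").lower(),
        "padding": len(match.group("pad")),
    }

def scan(names):
    """Return findings for every disguised name in an iterable of file names."""
    return [finding for finding in map(check_filename, names) if finding]

SAMPLE_NAMES = [
    "boston.avi____exe",                  # name reported in the article
    "marathon_clip.mp4.exe",              # constructed: classic double extension
    "Report.PDF" + " " * 6 + ".scr",      # constructed: space padding hides the tail
    "holiday.avi",                        # constructed: benign video name
    "setup.exe",                          # constructed: executable, but not disguised
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_NAMES):
        print("disguised executable: %(name)r poses as .%(decoy)s, is .%(real)s" % finding)
```
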
Anytime there is widespread attention to a single event, you will see parasitic cybercriminals attempting to capitalize on it. While many people with powerful anti-spam and email security solutions in place will not see these emails, there are many companies without adequate email security whose end users will receive these messages and inadvertently click. This type of attack preys on that human element. The reaction to the Boston bombings is an example of this – the dust has barely settled on the streets of Boston, and spammers and other cybercriminals are launching their own assault on those interested in getting more information about the tragic event.
The SANS Technology Institute’s Internet Storm Center (ISC) has also issued an advisory to warn users about fake domains registered shortly after the attack in Boston. The ISC’s John Bambenek reports that at least 234 potentially fake domains have been registered. “Some of these are just parked domains, some are squatters who are keeping the domains from bad people. A couple are soliciting donations,” said Bambenek.
Criminals are using a variety of formats, including emails containing links to malware-infected sites and emails containing infected attachments. People are actively searching online for information about the recent bombing, and that demand for information offers an opportunity for cybercriminals. The spammers’ intention is not to share information about the bomb blast but to exploit a terrible tragedy to spread malware. Don’t fall prey to such despicable acts!