The Latest in IT Security

Cruel Boston Marathon spam lures users to exploit pages

17
Apr
2013

You probably think the person or people behind the Boston Marathon bombing are reprehensible scum?

Well, meet their cousins – the slimebags behind the latest malware-distributing spam run we have seen ramp-up overnight.

Members of the AVG Web Threats Research team have discovered spam messages using the Boston Marathon explosion to lure potential victims to malware and exploits. These spam messages are very simple with a Subject of “Explosion at Boston Marathon”, and the message consists of just a numeric URL ending in “/boston.html” or “/news.html”.

There may be other URL patterns we have not seen yet, or the scum behind this scam may alter the URL format as the ongoing spam run progresses. So, please do not assume that just because the message you received about the Boston Marathon bombing with a different looking URL is therefore probably safe!

Clicking the link in the email message takes potential victims to the following webpage:

“Hot News::Videos of Explosions at the Boston Marathon 2013″

The page contains the following:

  1. An automatic download for a malicious executable. This is currently named “boston.avi_______.exe” but again, that may change.
  2. Four links to Youtube videos of explosions at the Boston Marathon.
  3. An IFrame to a Redkit Exploit Kit page.

Depending on the configuration of your web-browser, the automatic download might be automatically and silently saved to your “downloads” folder, or it may cause a confirmation dialog to appear asking you to save the “Boston.avi exe” to a file.

Choosing to run this program would certainly not be a good idea. While performing the initial analysis of this scam, the file that was being downloaded was a Trojan and will start sending out spam as soon as it is run. It was poorly detected by virus scanners.

Fortunately for those running AVG security products, LinkScanner detects and blocks the Redkit exploit kit page in the IFrame, alerting them to not run the program file presented to them.

Heed this advice to avoid downloading and distributing the malware.

AVG Web Threats Research Group

Leave a reply


Categories

SATURDAY, DECEMBER 14, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments