You probably think the person or people behind the Boston Marathon bombing are reprehensible scum?
Well, meet their cousins – the slimebags behind the latest malware-distributing spam run, which we have seen ramp up overnight.
Members of the AVG Web Threats Research team have discovered spam messages using the Boston Marathon explosion to lure potential victims to malware and exploits. These spam messages are very simple, with a Subject of “Explosion at Boston Marathon”; the message body consists of nothing but a numeric URL ending in “/boston.html” or “/news.html”.
There may be other URL patterns we have not seen yet, or the scum behind this scam may alter the URL format as the ongoing spam run progresses. So please do not assume that a message about the Boston Marathon bombing is safe just because its URL looks different from these!
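As an added illustration (not part of the original AVG post), here is a small mail-triage script that scores a raw message against the indicators just described: the lure Subject line, a URL whose host is a bare IP address, and a body that is nothing but that link. The two known paths are treated as a strong signal but are deliberately not required, because the post warns the URL format may change; the sample messages, the 192.0.2.x / 198.51.100.x addresses and the `example` domains are constructed for the demo.

```python
import re
from email import message_from_string
from email.message import Message

# Subject line reported for this spam run.
LURE_SUBJECT = re.compile(r"explosion.*boston marathon", re.IGNORECASE)

# "Numeric URL": scheme, a bare IPv4 host, optional port, optional path.
NUMERIC_URL = re.compile(
    r"https?://(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(?P<path>/[^\s<>]*)?",
    re.IGNORECASE,
)

# Paths seen so far. A strong signal when present, but not required, because
# the campaign may change them.
KNOWN_PATHS = ("/boston.html", "/news.html")


def plain_text(msg: Message) -> str:
    """Return the text/plain content of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message: str) -> dict:
    """Score one raw RFC 822 message; returns a verdict and the reasons behind it."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = plain_text(msg)
    reasons = []

    lure = bool(LURE_SUBJECT.search(subject))
    if lure:
        reasons.append("subject matches Boston Marathon lure")

    urls = list(NUMERIC_URL.finditer(body))
    known = False
    for m in urls:
        path = (m.group("path") or "/").lower()
        if path in KNOWN_PATHS:
            known = True
            reasons.append(f"known campaign path {path} on numeric host {m.group('host')}")
        else:
            reasons.append(f"numeric URL host {m.group('host')}")

    # The reported messages consist of the link and nothing else.
    remainder = NUMERIC_URL.sub("", body).strip()
    bare_link = bool(urls) and len(remainder) < 20
    if bare_link:
        reasons.append("body is just a link")

    suspicious = known or (bool(urls) and (lure or bare_link))
    return {"suspicious": suspicious, "reasons": reasons}


# Constructed samples: the reported shape, a variant with a changed path, and a benign mail.
SAMPLE_SPAM = """\
From: news@example.invalid
Subject: Explosion at Boston Marathon
Content-Type: text/plain; charset=us-ascii

http://192.0.2.10/boston.html
"""

SAMPLE_VARIANT = """\
From: news@example.invalid
Subject: Explosion at Boston Marathon
Content-Type: text/plain; charset=us-ascii

http://198.51.100.7/video.html
"""

SAMPLE_BENIGN = """\
From: colleague@example.com
Subject: Team lunch on Friday
Content-Type: text/plain; charset=us-ascii

Hi all, let's meet at noon. Details at https://intranet.example.com/lunch
"""

if __name__ == "__main__":
    for name, sample in (("spam", SAMPLE_SPAM), ("variant", SAMPLE_VARIANT), ("benign", SAMPLE_BENIGN)):
        print(name, triage(sample))
```

The variant message is still flagged even though its path is not one of the two seen so far, which is the point of the warning above: key the rule on the lure subject plus a numeric host, not on the exact path.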
Clicking the link in the email message takes potential victims to the following webpage:
“Hot News::Videos of Explosions at the Boston Marathon 2013”
The page contains the following:
- An automatic download for a malicious executable. This is currently named “boston.avi_______.exe” but again, that may change.
- Four links to YouTube videos of explosions at the Boston Marathon.
- An IFrame to a Redkit Exploit Kit page.
Depending on the configuration of your web browser, the automatic download might be saved silently to your “downloads” folder, or it may cause a confirmation dialog to appear asking you to save the “Boston.avi exe” to a file.
Choosing to run this program would certainly not be a good idea. During our initial analysis of this scam, the file being downloaded was a Trojan that starts sending out spam as soon as it is run, and it was poorly detected by virus scanners.
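The landing page described above carries indicators that a web filter or analyst can look for in the fetched HTML: an IFrame (particularly a hidden one or one pointing at another host), and a download whose name hides an executable extension behind a media-looking one and a run of underscores, as in “boston.avi_______.exe”. The following scanner is an added example, not AVG's LinkScanner or any code from the post; the sample page is constructed, the post does not say which mechanism triggered the automatic download (a meta refresh is assumed here only so the sample has something to detect), and the IP addresses and video URLs are placeholders.

```python
import re
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urlparse, unquote

EXEC_EXT = re.compile(r"\.(exe|scr|com|pif|bat|cmd|msi)$", re.IGNORECASE)
# Harmless-looking extension, optional underscore/space padding (which pushes the real
# extension out of view in a narrow dialog), then an executable extension.
DISGUISED = re.compile(
    r"\.(avi|mp4|wmv|mpg|mov|jpg|jpeg|png|gif|pdf|doc|txt)[\s_]*\.(exe|scr|com|pif|bat|cmd|msi)$",
    re.IGNORECASE,
)


def classify_filename(url: str) -> Optional[str]:
    """Describe the last path segment of a URL if it names an executable."""
    name = unquote(urlparse(url).path.rsplit("/", 1)[-1])
    if DISGUISED.search(name):
        return f"disguised executable name {name!r}"
    if EXEC_EXT.search(name):
        return f"executable download {name!r}"
    return None


class LandingPageScanner(HTMLParser):
    """Collect indicators: iframes, auto-navigation, and executable download targets."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.findings: List[str] = []

    def _note_url(self, url: str, context: str) -> None:
        hit = classify_filename(url)
        if hit:
            self.findings.append(f"{context}: {hit}")

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # attribute names are already lowercased
        if tag == "iframe":
            host = urlparse(a.get("src", "")).hostname or self.page_host
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            where = "same host" if host == self.page_host else f"third-party host {host}"
            self.findings.append(f"iframe ({where}{', hidden' if hidden else ''})")
            self._note_url(a.get("src", ""), "iframe src")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content", ""), re.IGNORECASE)
            if m:
                self.findings.append(f"meta refresh to {m.group(1)!r}")
                self._note_url(m.group(1), "meta refresh target")
        elif tag == "a":
            self._note_url(a.get("href", ""), "link")


def scan_page(html: str, page_url: str) -> List[str]:
    scanner = LandingPageScanner(page_url)
    scanner.feed(html)
    return scanner.findings


# Constructed sample mirroring the page layout described in the post.
SAMPLE_PAGE = """<html><head>
<title>Hot News::Videos of Explosions at the Boston Marathon 2013</title>
<meta http-equiv="refresh" content="0;url=boston.avi_______.exe">
</head><body>
<a href="https://www.youtube.com/watch?v=placeholder1">Video 1</a>
<a href="https://www.youtube.com/watch?v=placeholder2">Video 2</a>
<iframe src="http://198.51.100.23/kit.php" width="1" height="1" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_page(SAMPLE_PAGE, "http://192.0.2.10/boston.html"):
        print(finding)
```

The filename check is the part worth reusing on its own: a dialog that shows “Boston.avi exe” is exactly what a padded name like this produces, and the regex catches both the padded form and a plain double extension such as “holiday.jpg.exe”.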
Fortunately for those running AVG security products, LinkScanner detects and blocks the Redkit exploit kit page in the IFrame, alerting them to not run the program file presented to them.
Heed this advice to avoid downloading and distributing the malware.
AVG Web Threats Research Group