The Latest in IT Security

“Boston Marathon” spam / askmeaboutcctv.com

17 Apr 2013

This pretty shameful Boston Marathon-themed spam leads to malware on askmeaboutcctv.com:

Sample 1:

From: Graham Jarvis [mailto:[email protected]]
Sent: 17 April 2013 09:49
Subject: Video of Explosion at the Boston Marathon 2013

hxxp:||61.63.123.44/news.html

Sample 2:

From: Sally Rasmussen [mailto:[email protected]]
Sent: 17 April 2013 09:49
To: UK HPEA 2
Subject: Aftermath to explosion at Boston Marathon

hxxp:||190.245.177.248/news.html

(Note that the payload links have been lightly obfuscated; don’t click them.)

If you click the link, you see a set of genuine YouTube videos. However, the last one seems blank because it is in fact a malicious IFRAME pointing to [donotclick]askmeaboutcctv.com/wmiq.html, which appears to be on a legitimate but hacked site. The server seems to be overloaded at the moment, which is a good thing I suppose.



Some more sample subjects and links:
Subject: Video of Explosion at the Boston Marathon 2013
Subject: Aftermath to explosion at Boston Marathon
Subject: Explosion at Boston Marathon
Subject: Explosions at the Boston Marathon

[donotclick]46.233.4.113/boston.html
[donotclick]37.229.92.116/boston.html
[donotclick]188.2.164.112/news.html
[donotclick]109.87.205.222/news.html

I would advise blocking these IPs and domains. Be vigilant against this kind of attack, and bear in mind that the bad guys might try to exploit Margaret Thatcher’s funeral and the London Marathon in the same way.
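One way to act on that advice, as an added example that is not part of the original post: the script below converts this post's defanged indicators into a host blocklist and triages proxy-log URLs against it. The "suspect" rule (a bare IP serving /news.html or /boston.html) is a heuristic assumed here from the samples above, and the log URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Indicators from this post, kept in its defanged notation.
DEFANGED = """
hxxp:||61.63.123.44/news.html
hxxp:||190.245.177.248/news.html
[donotclick]askmeaboutcctv.com/wmiq.html
[donotclick]46.233.4.113/boston.html
[donotclick]37.229.92.116/boston.html
[donotclick]188.2.164.112/news.html
[donotclick]109.87.205.222/news.html
"""

def refang(line):
    """Turn 'hxxp:||host/path' or '[donotclick]host/path' into a parseable URL."""
    line = re.sub(r"^hxxp(s?):\|\|", r"http\1://", line.strip(), flags=re.I)
    return re.sub(r"^\[donotclick\]", "http://", line, flags=re.I)

def build_blocklist(text):
    """Collect the hosts (IPs and domains) named by the indicators."""
    return {urlsplit(refang(l)).hostname for l in text.splitlines() if l.strip()}

BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
LURE_PATHS = {"/news.html", "/boston.html"}  # landing pages seen in the samples

def classify(url, blocklist):
    """'block' for a listed host; 'suspect' for the same lure shape on an
    unlisted bare IP (assumed heuristic, for review only); else 'allow'."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host in blocklist:
        return "block"
    if BARE_IP.match(host) and parts.path in LURE_PATHS:
        return "suspect"
    return "allow"

BLOCKLIST = build_blocklist(DEFANGED)

# Constructed proxy-log URLs (203.0.113.0/24 is a documentation range).
SAMPLE_REQUESTS = [
    "http://61.63.123.44/news.html",
    "http://203.0.113.9/boston.html",
    "http://www.youtube.com/watch?v=example",
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        print(classify(url, BLOCKLIST), url)
```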
