National tragedy spawns email-borne malware attacks

April 19, 2013

Tragedy is usually a time when people come together and triumph over hardship, but things are a bit different in what The Register calls "the scummier end of the online community." The news source said many hackers and cybercriminals were quick to use the Boston Marathon bombing to bait people into clicking on malware-laden links. Within 24 hours of the bombing, the Internet Storm Center said there were 234 fake domains and plenty of email security issues across the net.

John Bambenek, ISC member and founder of Bambenek Consulting, said many of the domains were bought to prevent people from using them for profit. The Register said, however, that not everyone had good intentions in the wake of the attack, as malware distributors promptly sent emails to get people to click on links that would infect their computers.

Many of the biggest security companies across the world warned users that the Windows Trojan Tepfer was being sent in an email titled "Explosion at Boston Marathon." The link in the email consists of an IP address followed by an HTML page name ending in "news.html" or "boston.htm", and it leads to a page full of videos that eventually installs the Trojan on the computer.
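A mail-filter check for the indicators described above, as an added example that is not from the article or its sources: it flags the quoted subject line and any link whose host is a literal IP address and whose page name ends in "news.html" or "boston.htm". The function names and the sample messages are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

LURE_SUBJECT = "explosion at boston marathon"  # subject line quoted in the article
LURE_PAGES = ("news.html", "boston.htm")       # page names quoted in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_lure_link(url):
    """True for a link whose host is a literal IP and whose page is a lure name."""
    try:
        parts = urlsplit(url.rstrip(".,);"))
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:  # malformed URL, or the host is a DNS name
        return False
    return parts.path.lower().endswith(LURE_PAGES)


def check_message(raw):
    """Return the list of indicators found in one message given as text."""
    msg = message_from_string(raw)
    reasons = []
    subject = " ".join((msg.get("Subject") or "").lower().split())
    if LURE_SUBJECT in subject:
        reasons.append("lure subject")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        data = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        text = data.decode(part.get_content_charset() or "utf-8", errors="replace")
        if any(is_lure_link(u) for u in URL_RE.findall(text)):
            reasons.append("IP-literal link to lure page")
            break
    return reasons


# Constructed samples; 192.0.2.10 is a documentation-only address (RFC 5737).
SUSPICIOUS = (
    "From: a@example.com\nSubject: Explosion at Boston Marathon\n\n"
    "http://192.0.2.10/boston.htm\n"
)
BENIGN = (
    "From: b@example.com\nSubject: Race results\n\n"
    "Full story: https://example.org/news.html\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, check_message(raw))
```

A link to a raw IP address is a useful signal on its own in mail filtering, since legitimate news sites are reached by name; the page-name match narrows it to this campaign.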

"Not to be left out, scammers are trying to seed a second piece of malware, this time a JAR file aimed at getting past flaws in Oracle's Java," The Register said. "This URL, in a similar format, redirects the user to three other URLs that try and install the malware if it detects an unpatched vulnerability. Oracle released a combination patch for Java on Tuesday and users are advised to get it installed."
