Wednesday, April 17, 2013

Spammers Exploit Boston Marathon Bombing to Spread Malware

Warning!Click with caution if you receive unsolicited emails or find yourself wanting to click a website link related to the deadly bombing attack at the Boston Marathon on Monday.

Antivirus firms Avira and Sophos, along with email security provider AppRiver have already intercepted emails from spammers aspiring to dupe users into following malicious links by offering links to video footage of the attacks.

There are a variety of domain names and subject lines associated with this spam campaign; some of the subject lines in use are:

  • Explosion[s] at Boston Marathon

  • Boston Explosion Caught on Video

  • Aftermath to explosion at Boston Marathon

  • Video of Explosion at the Boston Marathon 2013

  • Runner captures. Marathon Explosions

  • 2 Explosions at the Boston Marathon


The body of the email appears to contain nothing more than a link pointing to a website that has legitimate videos from the attack. However, that same site is rigged with malicious code that will attempt to exploit Java plugin vulnerabilities in order to drop a backdoor Trojan on your machine.

Avira identifies the threat as TR/Crypt.ZPACK.Gen, while Sophos identifies it as Troj/Tepfer-Q.

Upon a successful infection, TR/Crypt.ZPACk.Gen (or Troj/Tepfer-Q) will modify the system registry and connect to a remote server, granting an attacker remote access to the affected PC.

Tips to Keep Your PC Safe


Avira warns that malicious links may also be posted on Facebook, so users should also exercise caution when following links shared on social networks. Here are a few other bits of advice to help keep your computer malware-free:

  • Do not click links or download files attached to unsolicited emails.

  • Stick to the official websites of your favorite news channel to get the latest updates.

  • Keep your operating system and installed third-party software fully patched and up-to-date.

  • Always run antivirus software and keep the virus definitions current.


Did You Already Fall for It?


Both Avira and Sophos offer security products capable of detecting and removing the malware being spread by these online attacks. So if you have the sinking feeling that you may have followed a bad link, you may want to try performing a full system scan using one of their products.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment