    No less than a day or so after we discovered the spam campaign taking advantage of the Boston Marathon bombing, we came upon yet another spam campaign, very similar to the previous one except this time it uses the Texas fertilizer plant explosion as a lure.  The fertilizer plant explosion occurred a mere few days after the tragedy in Boston, with 35 suspected dead and more than 160 people injured.

    What’s disturbing about this particular campaign is not only that it comes hot on the heels of the previous one, but also that the two seem eerily similar to each other. Upon further analysis, we’ve discovered that the malicious URLs that the spammed mails link to have identical structures, right down to the domains. Even their spammed mails are similar to each other.

    Fig 1. The Boston Marathon explosion spammed email

    Fig 2. Texas plant explosion spammed email

    The only thing distinguishing them from each other was the document file name that the URL led to – i.e. one URL from the Boston spam campaign led to “boston.html” while the one from the Texas campaign led to “texas.html”. It was as if the cybercriminals chose to capitalize on the latest tragedy by simply switching names. The malicious URLs, of course, lead to exploit landing pages that could compromise an affected user’s system.
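
One way a mail-security team could surface this kind of link between campaigns, as an added example that is not from the original post: reduce each URL to a template with the file name wildcarded, then compare the template sets of different campaigns. The campaign labels and the `.example` hosts are constructed assumptions; only the file names boston.html and texas.html come from the post.

```python
from collections import defaultdict
from itertools import combinations
from posixpath import splitext
from urllib.parse import urlsplit

# Constructed sample: (campaign label, URL found in the message body).
# Labels are assumed to come from subject-line clustering; the hosts are
# placeholders. Only boston.html / texas.html appear in the post.
SAMPLE = [
    ("boston", "http://host-a.example/boston.html"),
    ("boston", "http://host-b.example/news/boston.html"),
    ("texas", "http://host-a.example/texas.html"),
    ("texas", "http://HOST-B.example/news/texas.html"),
    ("newsletter", "http://shop.example/offers/spring.html"),
]


def url_template(url):
    """Reduce a URL to host + directory + '*' + extension."""
    parts = urlsplit(url)
    directory, _, filename = parts.path.rpartition("/")
    ext = splitext(filename)[1].lower()
    return f"{(parts.hostname or '').lower()}{directory}/*{ext}"


def campaign_overlap(messages):
    """Return {(a, b): (jaccard, shared_templates)} for every campaign pair."""
    templates = defaultdict(set)
    for label, url in messages:
        templates[label].add(url_template(url))
    overlap = {}
    for a, b in combinations(sorted(templates), 2):
        shared = templates[a] & templates[b]
        union = templates[a] | templates[b]
        overlap[(a, b)] = (len(shared) / len(union), sorted(shared))
    return overlap


def linked_campaigns(messages, threshold=0.5):
    """Keep only campaign pairs whose URL templates mostly coincide."""
    return {pair: hit for pair, hit in campaign_overlap(messages).items()
            if hit[0] >= threshold}


if __name__ == "__main__":
    for (a, b), (score, shared) in linked_campaigns(SAMPLE).items():
        print(f"{a} <-> {b}: {score:.2f} {shared}")
```

A pair that scores near 1.0 shares hosting and path layout and differs only in the lure file name, which is the pattern described above; benign senders that reuse one host for many pages will also match, so treat a hit as a lead for analyst review.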

    We’ve also noted certain Twitter accounts spreading links using keywords related to the MIT shooting in Boston. These links redirect users to various websites of dubious reputation (mostly adware or spam-related). Though we have yet to see these links redirect to any malware-hosting website, users must still be cautious with their social media activities.

    Figure 3. Tweets leading to various dubious sites

    What does this tell us? It’s simply more proof that cybercriminals view such tragedies as fodder for their socially-engineered threats. As morally deplorable as it sounds, incidents like these can be opportunities for them. The speed and audacity with which they attempted to capitalize on both events should be quite the wake-up call for those of us still skeptical of how cybercriminals operate.

    Users are therefore advised to stay vigilant, more so in times of tragedy, with the knowledge that a cybercriminal is always on the lookout for his next lure and his next victim.

    Keep in mind the following practices whenever such an event occurs:

    • Never click on or open any suspicious mails that seem to be from suspicious sources.
    • Never click on links or attachments from those suspicious emails.
    • Never rely on search engines for specific news items; go to your bookmarked news websites directly instead.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice