Despicable, but it’s always inevitable in the wake of any human tragedy. Cyberslugs (I won’t elevate them to cybercriminal status, though they are certainly criminals) are using the Boston Marathon bombing to spread malware. Spam emails claim to contain a link to video of the bombing. The links vary but take you to a website that attempts to infect your computer with a Trojan horse. The videos are, in fact, real YouTube videos that disguise the malicious activity.
Subject lines of the emails vary, but include:
- 2 Explosions at Boston Marathon
- Aftermath to explosion at Boston Marathon
- Boston Explosion Caught on Video
- Video of Explosion at the Boston Marathon 2013
According to Sophos’s blog, Naked Security:
If installed, the malware makes changes to the Registry and installs the following files, allowing hackers to gain remote access to infected computers:
<System>\drivers\npf.sys
<System>\Packet.dll
<System>\wpcap.dll
The file NPF.sys is registered as a new service named “NPF”, with a display name of “WinPcap Packet Driver (NPF)”.
Never accept “news” from anything other than legitimate news sources, and especially not from unsolicited emails.
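A read-only check for the files and the service listed in the Sophos quote above, written in PowerShell as an added example (it is not from the original post or from Sophos). It assumes `<System>` means the Windows system directory and that it is run from a 64-bit PowerShell 4.0 or later session; the same file names are used by the WinPcap packet-capture library, so a hit on a machine where WinPcap was installed deliberately is not by itself evidence of infection.

```powershell
# Added triage example: looks for the three files and the "NPF" service named in the post.
# Read-only: it changes nothing on the machine.
$sys = [Environment]::SystemDirectory   # assumption: the post's <System>, normally C:\Windows\System32

$paths = @(
    (Join-Path $sys 'drivers\npf.sys'),
    (Join-Path $sys 'Packet.dll'),
    (Join-Path $sys 'wpcap.dll')
)

# For each file that exists, record when it appeared, its hash and who signed it,
# so the result can be compared with a known-good WinPcap install or a vendor report.
$fileReport = foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $item = Get-Item -LiteralPath $p -Force
        $sig  = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path      = $p
            Present   = $true
            Created   = $item.CreationTime
            SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    } else {
        [pscustomobject]@{ Path = $p; Present = $false; Created = $null
                           SHA256 = $null; SigStatus = $null; Signer = $null }
    }
}

# NPF is a kernel driver service, so query the driver class rather than ordinary services.
$driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='NPF'" |
    Select-Object Name, DisplayName, State, StartMode, PathName

$fileReport | Format-List
if ($driver) { $driver | Format-List } else { 'No service named NPF is registered.' }

$hits = @($fileReport | Where-Object { $_.Present }).Count
"Files present: $hits of $($paths.Count); NPF service registered: $([bool]$driver)"
```

Files that are unsigned, or whose creation time falls right after one of the spam links was opened, are the ones to escalate.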