Spam Attack Leverages Boston Marathon Bombing

ANALYSIS BY

Jude Israel Bordallo


The April 2013 Boston Marathon bombing was a tragedy that shook the world, but for cybercriminals, it's only another lure for their malicious activities. We recently discovered a spam campaign that takes advantage of the media buzz and social outrage about the event. The spammed mail has the subject '2 explosions at Boston Marathon' and contains a single hyperlink in its body. Should the recipient click the link supplied in the spammed email, they are redirected to a page featuring embedded videos of the event. During the redirection, a connection is made to a malicious URL, from which malicious files are automatically downloaded and then executed.

The downloaded malware hides the directories on any USB drives attached to the affected system and replaces them with an .LNK file. This file then executes the downloaded malware whenever the user tries to open a particular folder or path.
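A triage check for the USB behavior described above, as an added example that is not part of the original analysis or any Trend Micro tooling: it flags hidden folders that sit beside a shortcut of the same name. The same-name pairing, the function names and the sample listing are assumptions made for illustration.

```python
import os

HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit in st_file_attributes


def find_shadowed_folders(entries):
    """entries: iterable of (name, is_dir, is_hidden) for one directory level.

    Returns sorted (hidden_folder, shortcut) pairs where a hidden directory
    sits beside a .lnk file with the same base name (assumed naming scheme).
    """
    hidden_dirs = {}
    shortcuts = {}
    for name, is_dir, is_hidden in entries:
        if is_dir and is_hidden:
            hidden_dirs[name.lower()] = name
        elif not is_dir and name.lower().endswith(".lnk"):
            shortcuts[name[:-4].lower()] = name
    return sorted((hidden_dirs[k], shortcuts[k])
                  for k in hidden_dirs.keys() & shortcuts.keys())


def list_drive_root(root):
    """Yield (name, is_dir, is_hidden) for a mounted drive root.

    st_file_attributes exists only on Windows; elsewhere nothing is hidden.
    """
    with os.scandir(root) as it:
        for e in it:
            attrs = getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0)
            yield e.name, e.is_dir(follow_symlinks=False), bool(attrs & HIDDEN)


# Constructed sample listing of a USB drive root (not taken from the page).
SAMPLE = [
    ("Photos", True, True),
    ("Photos.lnk", False, False),
    ("Reports", True, True),
    ("reports.LNK", False, False),
    ("System Volume Information", True, True),  # hidden, but no shortcut
    ("Music", True, False),
    ("Music.lnk", False, False),                # folder is still visible
    ("notes.txt", False, False),
]

if __name__ == "__main__":
    for folder, shortcut in find_shadowed_folders(SAMPLE):
        print(f"hidden folder {folder!r} shadowed by {shortcut!r}")
```

On a Windows host, `find_shadowed_folders(list_drive_root("E:\\"))` runs the same check against a mounted drive; the drive letter is a placeholder.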

Users are once again reminded to always be vigilant and to anticipate threats like these whenever news events break out. The spammed mails and the malware payloads are already detected and blocked by Trend Micro.

Further analysis of the first spam campaign mentioned in this blog post has indicated that while it uses exploits, it does not specifically use the Blackhole Exploit Kit.

SPAM BLOCKING DATE / TIME: 17 Apr 2013 08:07:00 AM GMT-8
TMASE INFO

  • ENGINE:7.0
  • PATTERN:9804
