Wave of Online Frauds Follows Boston Tragedy, Reports Trend Micro
According to the security company Trend Micro, after the terrible bombing of April 15, 2013, during the marathon in Boston (USA), cyber-criminals have been launching e-mail scams exploiting the incident.
Within merely 24 hours of the disastrous event, security researchers at Trend Micro noticed a spate of over 9,000 spam mails linking to the BlackHole Attack Toolkit, commonly using the tragedy as their subject.
A few spam mails carried headers such as "Video of Explosion at the Boston Marathon 2013" or "Aftermath to explosion at Boston Marathon."
The junk e-mails included just one web-link that asked end-users to download a certain file, which was actually harmful and identified as WORM_KELIHOS.NB, obtainable through drive-by downloads.
Threat Response Engineer Aisa Escober at TrendLabs says the web-link's IP address appears different each time it is accessed, and that it bears an association with the discoveries of Kaspersky Lab. There is a common behavior pattern and an identical file size for the download URL; only the icons and the filenames used change, Escober adds. Scmagazineuk.com published this during the third week of April 2013.
Escober further says TrendLabs' examination also reveals that WORM_KELIHOS.NB hides every directory on any attached removable drive and replaces each one with a .LNK file depicted as a folder. Consequently, the worm runs before the real folder is opened. Moreover, Kelihos crafts the .LNK files placed on the infected removable drives using the command: C:\WINDOWS\system32\cmd.exe F/c "start %cd%\game.exe, adds Escober.
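The removable-drive behaviour described above leaves a recognisable layout: a shortcut that shares its name with a folder beside it. The following Python check is an added example, not code from Trend Micro or this article; the function names, the 64 KB read limit and the constructed sample files are assumptions, and the string match is a heuristic rather than a full .LNK parser.

```python
import os
import stat
import tempfile

# Strings from the command reported on this page, in the two encodings a
# .LNK file may store them in (ANSI and UTF-16LE). Heuristic match only.
MARKERS = [m.encode(enc) for m in ("cmd.exe", "start %cd%")
           for enc in ("ascii", "utf-16-le")]

def is_hidden(path):
    """True if the Windows hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def scan_drive_root(root):
    """Report .LNK files that share a name with a folder in the same root."""
    entries = os.listdir(root)
    dirs = {e.lower(): e for e in entries if os.path.isdir(os.path.join(root, e))}
    findings = []
    for name in sorted(entries):
        stem, ext = os.path.splitext(name)
        if ext.lower() != ".lnk" or stem.lower() not in dirs:
            continue
        folder = dirs[stem.lower()]
        with open(os.path.join(root, name), "rb") as fh:
            data = fh.read(65536).lower()
        findings.append({
            "shortcut": name,
            "folder": folder,
            "folder_hidden": is_hidden(os.path.join(root, folder)),
            "runs_cmd": any(m in data for m in MARKERS),
        })
    return findings

def demo():
    """Build a constructed drive layout in a temp dir and scan it."""
    cmd = r'C:\WINDOWS\system32\cmd.exe F/c "start %cd%\game.exe'
    with tempfile.TemporaryDirectory() as root:
        for d in ("Photos", "Work"):
            os.mkdir(os.path.join(root, d))
        # Constructed stand-in bytes, not a real shortcut file.
        with open(os.path.join(root, "Photos.lnk"), "wb") as fh:
            fh.write(b"L\x00" + cmd.encode("utf-16-le"))
        with open(os.path.join(root, "readme.lnk"), "wb") as fh:
            fh.write(b"L\x00benign")
        return scan_drive_root(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On Windows, a finding with both folder_hidden and runs_cmd set matches the pattern Escober describes; on other systems the hidden attribute is not available and folder_hidden stays False.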
The worm can steal credentials from various FTP (File Transfer Protocol) clients, namely FTP Control, P32bit FTP, LeapFTP, FileZilla, BitKinex, SecureFX amongst others. A particularly routine task Kelihos performs is harvesting the e-mail addresses listed on the infected PC.
Remarking on the above scams, Senior Technology Consultant Graham Cluley at Sophos, another security company, posted that cyber-criminals clearly had no limit to their malice in their search for victims. More detestably, malware creators and Web hackers felt not the least anxiety about exploiting the innocent people who died at the marathon, when aiming solely at infecting PCs to steal identities, resources and money, he asserted. Ibtimes.co.uk published this during the third week of April 2013.
» SPAMfighter News - 01-05-2013