UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
UPDATE: 04-18-2013 @ 10:10 AM CDT -
Some of the spam campaigns are now switching over to the Waco plant explosion. The lure is basically the same: a subject that mentions the video, followed by an IP-only URL ending in /texas.html or /news.html. The landing page has a few embedded YouTube videos and an iframe with malicious content at the end.
** End Update 1 **
About mid-afternoon yesterday (Central time, US), Boston-related spam campaigns began. The general "hook" is a message that carries a URL under a subject about the video from the explosions. This is similar to when Osama Bin Laden was killed and fake images were used as a hook; in this case, the video is relevant to the story and is being used as the hook. Right now, very roughly 10-20% of all spam is related to this (some spamtraps reporting more, some less). Similar IPs have also been sending pump & dump scams, so it is likely that the same group has re-tasked itself.
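A mail-filter style check for the lure pattern described above (a URL whose host is a bare IP address and whose path is one of the reported landing-page names), as an added example that is not part of the original diary. The function names and sample messages are constructed for illustration, and the sample addresses come from documentation ranges.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Landing-page names reported on this page (diary text and reader comment).
LURE_PAGES = {"boston.html", "texas.html", "news.html"}
# Matches http/https and the defanged hxxp form used when sharing indicators.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s<>\"']+", re.IGNORECASE)


def is_ip_only_lure(url):
    """True when the host is a bare IPv4 literal and the path is one lure page."""
    normalized = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    try:
        parts = urlsplit(normalized)
        ipaddress.IPv4Address(parts.hostname or "")
    except ValueError:
        return False  # malformed URL, or a hostname rather than an IP literal
    return parts.path.lstrip("/").lower() in LURE_PAGES


def flag_messages(messages):
    """Return (subject, url) pairs for every message body carrying a lure URL."""
    hits = []
    for msg in messages:
        for url in URL_RE.findall(msg["body"]):
            url = url.rstrip(".,)")  # drop trailing sentence punctuation
            if is_ip_only_lure(url):
                hits.append((msg["subject"], url))
    return hits


# Constructed samples; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLES = [
    {"subject": "Fertilizer Plant Explosion Near Waco, Texas",
     "body": "Watch: http://192.0.2.10/texas.html"},
    {"subject": "Video of the explosions",
     "body": "See hxxp://198.51.100.7/news.html."},
    {"subject": "Weekly newsletter",
     "body": "Read more at http://news.example.com/news.html"},
    {"subject": "Router admin",
     "body": "Log in at http://192.0.2.1/index.html"},
]

if __name__ == "__main__":
    for subject, url in flag_messages(SAMPLES):
        print(f"FLAG {subject!r}: {url}")
```

The page-name set is deliberately narrow; a filter that keys only on "bare IP host plus single .html path" catches renamed pages but will also flag legitimate device admin links.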
Here is a list of subjects I've seen hit spam traps:
Here is a list of malicious URLs in those messages (use at your own risk):
--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting
Comments
Rich
Apr 17th 2013
1 decade ago
hxxp://37.229.215.183/texas.html
same IP but a change from boston.html to texas.
New subject as well
Fertilizer Plant Explosion Near Waco, Texas
tkrabec
Apr 19th 2013
1 decade ago