Terrorist attacks are occurring with increasing regularity around the world, but it is still rare for one to happen on American soil. However, on Monday an attack took place at the Boston Marathon. The tragedy claimed the lives of three people.
It is at times like this that vigilance must be increased. Criminals often use events such as this to infect computers with malware. Big news events are often used to lure victims into clicking on links to websites infected with malware or convince them to open malware-infected email attachments. The Boston bombing is no exception. Criminals have seized the opportunity already and have started sending emails about the tragedy which contain links to infected sites.
SpamTitan is alerted when spam and phishing emails are captured. The quarantine reports are collected and analyzed, and some of the recent crop of captured messages contain titles such as “Explosion at Boston Marathon” and “Boston Explosion Caught on Video.” When news breaks, people want to find out what has happened, and images and videos of the event are sought online. Videos of the Boston bombing are being searched for on Google and social media, and emails including links to videos are likely to be clicked.
Anyone clicking one of the links in the emails will be directed to YouTube where a range of videos are listed. No harm is immediately caused.
However, after 60 seconds the visitor is notified of a file called “boston.avi____exe” and asked to download it. If the file is run, it installs malware that connects to servers in three locations: Argentina, Taiwan and Ukraine. Data from the infected machine is then sent to those servers. SpamTitan software will prevent the email from being delivered using a variety of methods, thus protecting the user. Individuals without this software installed are unlikely to even be aware that their computers have been compromised.
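The download name described above hides its real type behind a media extension followed by underscore padding. As an added example (not SpamTitan's code and not part of the original post), here is a filename check that a mail or web filter rule could apply to attachment and download names; the extension lists, function names and sample names are assumptions constructed for illustration.

```python
import re

# Assumed lists for illustration; extend them to match local policy.
DECOY_EXTS = ("avi", "mp4", "mov", "wmv", "jpg", "png", "pdf", "doc", "docx", "txt")
EXEC_EXTS = ("exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs")

# A harmless-looking extension, then padding (dots, underscores, whitespace),
# then an executable extension at the very end of the name.
DISGUISED = re.compile(
    r"\.(?P<decoy>%s)(?P<pad>[._\s]+)(?P<real>%s)\s*$"
    % ("|".join(DECOY_EXTS), "|".join(EXEC_EXTS)),
    re.IGNORECASE,
)
# Any name that simply ends in an executable extension.
PLAIN_EXEC = re.compile(r"\.(%s)\s*$" % "|".join(EXEC_EXTS), re.IGNORECASE)


def classify_filename(name):
    """Return 'disguised-executable', 'executable' or 'ok' for a file name."""
    # Keep only the last path component, whichever separator was used.
    base = re.split(r"[\\/]", name.strip())[-1]
    if DISGUISED.search(base):
        return "disguised-executable"
    if PLAIN_EXEC.search(base):
        return "executable"
    return "ok"


def flag_names(names):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    verdicts = ((n, classify_filename(n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]


if __name__ == "__main__":
    # Constructed sample names; only the first one comes from the article.
    samples = ["boston.avi____exe", "marathon.avi", "clip.MP4 .scr",
               "setup.exe", "results.docx"]
    for name, verdict in flag_names(samples):
        print(f"{verdict:22} {name}")
```
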
Be wary about emails containing news alerts
Cybercriminals often use news events to spread malware and gain access to computers and servers. Each major news story, whether it is a terrorist attack, election result, natural disaster or celebrity wedding, will see numerous phishing and spam campaigns launched. Many of these campaigns see emails sent out randomly, often in the millions.
Any company that does not have a spam filtering solution in place is likely to see many of these emails delivered, and all it takes is for one end user to click on a link and download a file for a network to be compromised. It is not only malware that is a problem.
There have been a number of new websites registered in the past two days related to the Boston bombing. New domains have been purchased by individuals looking to capitalize on the attack. Some have been bought and are currently just parked. Some individuals have purchased the domains to prevent them from being used by scammers. Others have been activated and are seeking donations to help the families of the victims. Of course, any donations made through those websites will just go into the criminals’ pockets.
In addition to installing a spam filter to catch email spam, and employing a web filter to block links to malicious websites, be sure to adopt the following best practices and make sure that staff members do the same:
Don’t become another victim of a scam!
- Check the email address of the person sending the email even if it appears to be from someone you know
- Never click on a link in an email unless you are sure that link is genuine
- Do not open attachments contained in emails from strangers
- Be wary about opening attachments sent from friends. Their account may have been compromised or they may not realize they are sending an infected file
- Never open executable files (those that end with .exe)
- Never respond to an email request for money. If you want to donate, do so via a trusted, registered charity. Always visit the website via the search engines, not the link contained in the email
- Make sure a charity is registered before making a donation
- Be wary of any email sent to you containing information about a news event – who is sending it? How did they get your email address?
- Do not forward or share suspicious emails or links