A couple of real, confirmed viruses are targeted at those watching the Boston terrorist attack story unfold.
The viruses have been seen as emails with the following 3 subject lines:
- Opinion: FBI knew about bombs 3 days before Boston Marathon – Why and Who Benefits?
- Opinion: Boston Marathon Explosions – FBI Benefits?
- Explosion at Boston Marathon
They all have the following in common: the link is an IP address with /boston.html at the end.
The sending IP addresses are 188.8.131.52 (Iran), 184.108.40.206 (US) & 220.127.116.11 (Belarus).
As the senders’ email addresses are spoofed, I won’t bother mentioning them.
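The common trait described above (a link whose host is a bare IP address and whose path is /boston.html) can be checked mechanically in a mail filter. The following is an added example, not part of the original post; the sample messages are constructed and use the documentation address 192.0.2.10.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Trait from the post: link host is a bare IP address, path is /boston.html.
LURE_PATH = "/boston.html"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_ip_lure(url: str) -> bool:
    """True if the URL host is an IP literal and the path ends in /boston.html."""
    try:
        parts = urlsplit(url)
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return False  # malformed URL, or the host is a DNS name
    return parts.path.lower().endswith(LURE_PATH)


def suspicious_links(raw_message: str) -> list[str]:
    """Return every link in the message's text parts that matches the trait."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;)")  # drop trailing sentence punctuation
            if is_ip_lure(url):
                hits.append(url)
    return hits


# Constructed sample messages (not real captures).
SAMPLE_LURE = (
    "From: spoofed@example.com\n"
    "Subject: Explosion at Boston Marathon\n"
    "\n"
    "http://192.0.2.10/boston.html\n"
)
SAMPLE_BENIGN = (
    "From: news@example.com\n"
    "Subject: Marathon coverage\n"
    "\n"
    "Full story: https://news.example.com/boston.html.\n"
)
```

Matching on the link rather than the subject line keeps the check useful as the subject wording varies.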
Original post below…
There are posts and comments going around Facebook with a link to what appears to be a video outside of Facebook. I’ve seen wording such as…
“SCUM ARAB SAUDI … WATCH THE VIDEO BEFORE IT GETS REMOVED!!”
although there will be many similar variations. If you click on it, you will get a warning from Facebook to say you’re leaving their safety.
I have also just seen a very well-crafted email that appears to show a link to a regular html file.
A subject similar to “Explosions at Boston Marathon”
and just a link looking like “http:// 192.168.123.123/boston.html”
Neither of these viruses was picked up by the couple of scanners I have tried.
But, like any time I see something suspicious like this, running the URL through an online scanner such as http://sitecheck.sucuri.net/ proved that the URL would have redirected me to an .exe, and I guess a .dmg if I’d been using a Mac.
I’m sure there are other versions around (please let me know of variations you see)…
#OpUSA is only a couple of weeks away and I am sure we are going to see a lot more targeting like it. These are the same people that were active in the #OpIsrael attacks, so you can have a pretty good guess who they are.
Make sure you have an AV program, but don’t rely on it.
If you have a blog, especially WordPress, use one of the free addons and, for God’s sake, complex passwords for the admin account, and I mean “&F3CgGEx” complex.