Heads up infidels… (Updated)

A couple of real, confirmed viruses targeted at those watching the Boston terrorist attack story unfold.

UPDATED
Viruses seen as emails with the following 3 subject lines:

  • Opinion: FBI knew about bombs 3 days before Boston Marathon – Why and Who Benefits?
  • Opinion: Boston Marathon Explosions – FBI Benefits?
  • Explosion at Boston Marathon

They all have the following in common: the link is an IP address with /boston.html at the end.

The sending IP addresses are 188.245.54.106 (Iran), 215.114.122.151 (US) & 37.213.111.227 (Belarus).

As the senders' email addresses are spoofed, I won't bother mentioning them.

Sophos have also reported on it here: http://nakedsecurity.sophos.com/2013/04/17/malware-boston-marathon-bombing/
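
The two indicators listed above (the three subject lines, and a link to a bare IP address ending in /boston.html) can be turned into a simple mail check. This is an added example, not part of the original post; the function names and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address
from urllib.parse import urlsplit

# The three subject lines listed in the post, lowercased, dashes normalised.
KNOWN_SUBJECTS = {
    "opinion: fbi knew about bombs 3 days before boston marathon - why and who benefits?",
    "opinion: boston marathon explosions - fbi benefits?",
    "explosion at boston marathon",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def norm_subject(subject):
    """Lowercase, collapse whitespace, treat en/em dashes as hyphens."""
    s = subject.replace("\u2013", "-").replace("\u2014", "-")
    return " ".join(s.lower().split())

def ip_boston_links(text):
    """Return URLs whose host is a bare IP and whose path ends in /boston.html."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")
        try:
            parts = urlsplit(url)
            ip_address(parts.hostname or "")
        except ValueError:
            continue  # hostname is a name (or the URL is malformed), not an IP
        if parts.path.lower().endswith("/boston.html"):
            hits.append(url)
    return hits

def check_message(raw):
    """Report which of the post's two indicators a raw RFC 822 message matches."""
    msg = message_from_string(raw)
    body = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    subject_hit = norm_subject(str(msg.get("Subject", ""))) in KNOWN_SUBJECTS
    links = ip_boston_links("\n".join(body))
    return {"subject": subject_hit, "links": links, "flag": subject_hit or bool(links)}

# Constructed samples (192.0.2.0/24 is a documentation range, not a real sender).
SPAM = "From: a@example.com\nSubject: Explosion at Boston Marathon\n\nhttp://192.0.2.10/boston.html\n"
HAM = "From: b@example.com\nSubject: Race results\n\nhttp://example.org/boston.html\n"

if __name__ == "__main__":
    print(check_message(SPAM))
    print(check_message(HAM))
```

The link check is the more durable of the two, since subject lines vary between runs while a legitimate news link is rarely a raw IP address.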

Original post below…

There are posts and comments going around Facebook with a link to what appears to be a video outside of Facebook. I've seen wording such as…
“SCUM ARAB SAUDI … WATCH THE VIDEO BEFORE IT GETS REMOVED!!”
although there will be many similar variations. If you click on it, you will get a warning from Facebook to say you're leaving their safety.

I have also just seen a very well-crafted email that appears to show a link to a regular html file.

A subject similar to “Explosions at Boston Marathon”
and just a link looking like “http:// 192.168.123.123/boston.html”

Neither of these viruses was picked up by the couple of scanners I have tried.

But like any time I see something suspicious like this, running the URL through an online scanner such as http://sitecheck.sucuri.net/ proved that the URL would have redirected me to an .exe, and I guess a .dmg if I'd been using a Mac.

I’m sure there are other versions around (please let me know of variations you see)…

#OpUSA is only a couple of weeks away and I am sure we are going to see a lot more targeting like it. These are the same people that were active in the #OpIsrael attacks, so you can have a pretty good guess who they are.
http://news.softpedia.com/news/Several-Hacktivist-Groups-to-Join-Forces-for-OpUSA-on-May-7-345566.shtml

Make sure you have an AV program, but don’t rely on it.
If you have a blog, especially WordPress, use one of the free add-ons, and for God's sake, complex passwords for the admin account, and I mean “&F3CgGEx” complex.

Stay safe.
