Boston Marathon Bombings Exploited by 'Sick' Cybercriminals to Spread Malware

Within 24 hours of the horrific Boston Marathon bombings, spam messages with related subject lines have begun spreading around the globe.

The Boston Marathon bombings claimed the lives of three innocent people on Monday but in what is now typical behaviour for cybercriminals, the tragic incident is already being used in an attempt to lure people into clicking malicious links embedded in emails with subject lines related to the blasts.

Among the subject lines seen by security firm Trend Micro over the last 24 hours include:

• 2 Explosions at Boston Marathon
• Aftermath to explosion at Boston Marathon
• Boston Explosion Caught on Video
• Video of Explosion at the Boston Marathon 2013

The spam emails contain a link to a website hosting an embedded video, supposedly from YouTube. At this point, users who click on the link may have already downloaded malware unknowingly, in a process known as a drive-by-download attack.

Once downloaded, the malware makes changes to the Registry and allows those in charge to gain remote access to infected computers. Graham Cluley, from security firm Sophos, commented on the Naked Security Blog:

"Clearly, there are no depths to which cybercriminals are not prepared to stoop in their hunt for victims. The sick truth is that malware authors and malicious hackers lose no sleep about exploiting the deaths of innocent people in their attempt to infect computers for the purposes of stealing money, resources and identities."

While Trend Micro has spotted the download coming from IP addresses in a range of countries, Sophos says all the spam messages like this it has seen originate in Ukraine and Latvia.

Trend Micro has identified the malware downloaded to people's PCs as a new variant of the infamous Kelihos Worm, which has infected hundreds of thousands of PCs around the world over the past three years.