ESET reported that experts at its antivirus laboratory have discovered spam that uses the tragedy in Boston to spread the Win32/Kelihos malware.
The phishing emails sent by the hackers contained an invitation to view a video capturing the explosion during the marathon in Boston.
After following the link in the email, the user does land on a page with the video, but the same page also contains a malicious element that redirects to the Redkit exploit kit. The exploit kit then installs malware on the user’s computer, which ESET solutions detect as Win32/Kelihos.
This type of attack is called a “drive-by installation”, or “hidden installation”. To install the malware, the exploit kit uses unpatched vulnerabilities in installed software (browser, Flash Player, ActiveX components, etc.) or in the operating system itself. Attackers can also use 0-day vulnerabilities, for which no updates exist yet.
Win32/Kelihos steals private user information (user names and passwords for various services, e-mail addresses of contacts, Bitcoin wallet contents, etc.) and sends it to the attackers. In addition, Kelihos joins compromised computers into a botnet. ESET experts found that, to increase the number of infected users, the cybercriminals even switched this botnet over to sending the spam about the blast in Boston.
It is worth noting that this incident is only one example of online scammers exploiting the Boston tragedy. Within the first hour after the explosion, a Twitter account appeared that was ostensibly created on behalf of the marathon organizers. According to the scammers' statement, they would transfer 1 dollar to the victims for every retweet. The scammers also called on people to send money to their account to help the victims of the tragedy. Before the administration removed the account, it had gathered more than 50,000 retweets.
ESET experts continue to monitor the activity of the Kelihos botnet. Malicious objects of the Win32/Kelihos family are promptly added to the antivirus databases, so the phishing links are blocked by all ESET solutions.