Thursday, 18 April 2013

Cyber criminals take advantage of Boston attack to spread malware

Cyber criminals have exploited interest in the breaking news story of the explosions at the Boston Marathon by spreading malware. Messages spammed out by attackers claim to contain a link to video footage of Monday's terrorist activity in Boston, with subject lines such as "2 Explosions at Boston Marathon".


Other subject lines used in the campaign include:
- Aftermath to explosion at Boston Marathon
- Boston Explosion Caught on Video
- Video of Explosion at the Boston Marathon 2013

If you make the mistake of clicking on the link, you are taken to a website that shows you genuine YouTube videos of the horrific incident while, in the background, the page loads an iframe to a malicious page hosting a Java exploit. The exploit then attempts to infect your computer with a Windows Trojan horse that Sophos products detect as Troj/Tepfer-Q.
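The decoy-page trick described above (visible, legitimate video embeds plus a hidden iframe pulling in an exploit page from another host) is easy to spot mechanically once you have the page source. The following is an added example, not code from Sophos, Kaspersky or the original post: it parses a page, collects every iframe, and flags any that are zero-sized or styled invisible, or that point to a host other than the page itself or an allowed embed host. The sample HTML is constructed here for illustration, and the `.invalid` hostnames are placeholders, not indicators from the campaign.

```python
"""Flag hidden or offsite iframes in a landing page.

Added example (not the original post's or any vendor's code). The sample
page below is constructed; 'example-video.invalid' and 'exploit-host.invalid'
are placeholder hostnames, not real campaign indicators.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: real-looking YouTube embeds plus a zero-size,
# display:none iframe loading content from a different host.
SAMPLE_PAGE = """
<html><body>
<h1>Boston Marathon explosion video</h1>
<iframe width="560" height="315" src="https://www.youtube.com/embed/abc123"></iframe>
<iframe width="560" height="315" src="https://www.youtube.com/embed/def456"></iframe>
<iframe src="http://exploit-host.invalid/in.php" width="0" height="0" style="display:none"></iframe>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag on the page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # attrs is a list of (name, value) pairs; value is None for bare attributes
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_hidden(attrs):
    """True if the iframe is sized to zero or styled invisible."""

    def zero(value):
        value = value.strip().rstrip("px").strip()
        return value.isdigit() and int(value) == 0

    style = attrs.get("style", "").replace(" ", "").lower()
    return (
        zero(attrs.get("width", ""))
        or zero(attrs.get("height", ""))
        or "display:none" in style
        or "visibility:hidden" in style
    )


def find_suspicious_iframes(html, page_host, allowed_hosts=("www.youtube.com", "youtube.com")):
    """Return iframes that are hidden, or that load from a host other than
    the page itself or an explicitly allowed embed host.

    Each hit is {"src": ..., "reasons": [...]} so an analyst can see why it fired.
    """
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        # A relative src stays on the page's own host.
        host = urlparse(src).hostname or page_host
        reasons = []
        if _is_hidden(attrs):
            reasons.append("hidden")
        if host != page_host and host not in allowed_hosts:
            reasons.append(f"offsite:{host}")
        if reasons:
            hits.append({"src": src, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_iframes(SAMPLE_PAGE, "example-video.invalid"):
        print(hit["src"], "->", ", ".join(hit["reasons"]))
```

Run against the constructed page, only the zero-size offsite iframe is reported; the two YouTube embeds are visible and on an allowed host. The hidden check and the offsite check are deliberately separate signals, because a visible offsite iframe (a legitimate widget) and a hidden same-origin iframe (a tracking trick) are each worth looking at for different reasons.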

If installed, the malware makes changes to the Registry and installs the following files, allowing hackers to gain remote access to infected computers:
<System>\drivers\npf.sys
<System>\Packet.dll
<System>\wpcap.dll
The file NPF.sys is registered as a new service named "NPF", with a display name of "WinPcap Packet Driver (NPF)". These three files are the standard components of the legitimate WinPcap packet-capture library (the same driver Wireshark installs), so the NPF service is not an indicator on its own; on a machine that has no business running a packet sniffer, though, an unexpected NPF service together with these dropped files is worth investigating.

In a separate report, Kaspersky analyzed the malware and found that it tries to connect to several IP addresses in Ukraine, Argentina and Taiwan. Obviously, malicious hackers are exploiting the deaths of innocent people in their attempt to infect computers for the purposes of stealing money, resources and identities.

From Sophos
