Malware and domain-squatters target Boston Marathon bombing

Tragedy inspires threats both true and false

The scummier end of the online community has been quick to use Monday's bombing of the Boston Marathon as bait for multiple malware dispersals, plus a spot of old-fashioned online fraud along the way.

Within 24 hours of the blasts, the ISC reported that 234 potentially fake domains have been registered featuring mention of the attack. Some have started soliciting donations (including one asking for Bitcoins – evidently confident that the current $90 unit price will rise again) but there are no reports of spammers using them, as yet.

It should be pointed out that a few of these domains were bought by people looking to stop squatters, and most are "parked" or dead-end links at this stage. John Bambenek, ISC member and founder of Bambenek Consulting, said the figures were rather a positive sign.

"I would have thought this would have picked up quicker than it had," he said. "That said, it did give me the impetus to finish scripting a few things to basically monitor these domains automatically to start looking for indicators and to see when (or if) they ever come out of 'parked' status."

Meanwhile, malware distributors are relying on the age-old principle that people will click on URLs without thinking if they're really interested in the subject. It's a tactic that has worked for over a decade and probably always will, given the fundamental Layer Eight problem of human curiosity and stupidity.

Sophos, Kaspersky, and AVG are warning of the tactic being used to spread the Windows Trojan Tepfer, usually in emails entitled "Explosion at Boston Marathon." The link for more information comes with an IP address and an HTML page ending in "news.html" or "boston.htm" that leads to a page of videos. 60 seconds later the Trojan tries to install itself in the background.

Not to be left out, scammers are trying to seed a second piece of malware, this time a JAR file aimed at getting past flaws in Oracle's Java. This URL, in a similar format, redirects the user to three other URLs that try to install the malware if they detect an unpatched vulnerability. Oracle released a combination patch for Java on Tuesday and users are advised to get it installed.
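
The link format reported for both campaigns (a raw IP address as the host, a page named "news.html" or "boston.htm", and the quoted subject line) can be checked mechanically in a mail filter. The sketch below is an added example, not code from the ISC or the vendors named above; the function names, scoring weights and sample messages are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators taken from the article text; the weights below are assumptions.
LURE_SUBJECT = "explosion at boston marathon"
LURE_PAGES = ("news.html", "boston.htm")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_is_ip_literal(host):
    """True when the URL host is a raw IPv4/IPv6 address, not a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def score_message(subject, body):
    """Return (score, reasons); a higher score is closer to the reported lure."""
    score, reasons = 0, []
    if LURE_SUBJECT in subject.lower():
        score += 1
        reasons.append("subject matches reported lure")
    for raw in URL_RE.findall(body):
        try:
            parts = urlsplit(raw.rstrip(".,;"))  # drop trailing punctuation
            host = parts.hostname or ""
        except ValueError:  # malformed bracketed host
            continue
        page = parts.path.rsplit("/", 1)[-1].lower()
        if host_is_ip_literal(host) and page in LURE_PAGES:
            score += 2
            reasons.append("IP-literal link to " + page)
    return score, reasons


# Constructed sample messages (RFC 5737 documentation addresses).
SAMPLES = [
    ("Explosion at Boston Marathon", "Video: http://192.0.2.10/news.html"),
    ("Fwd: footage", "see http://198.51.100.7/boston.htm."),
    ("Marathon coverage", "Read https://example.com/news.html"),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(subject, "->", score_message(subject, body))
```

A page name alone is a weak signal, which is why the third sample (a named host serving "news.html") scores zero: the check only fires when the host is an IP literal.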

It's the Westboro Baptists again!

Meanwhile, it has been reported that Anonymous has taken over the Facebook page of America's least-favorite poster-children for free expression, the Westboro Baptist Church (WBC).

This small cult of around 100 members, based around the Phelps-Roper family in Kansas, passes its days protesting at funerals of military and high-profile celebrities with the message that everything bad in America happens because of its acceptance of homosexuality. As a sideline, WBC members include many lawyers fond of suing people for large damages if they get punched.

Shortly after the twin blasts at the finishing line of the Boston Marathon, the WBC issued a press release saying that they would be attending the funerals of the three people killed, replete with their customized "God sent the bombs" signs. They also said they planned to protest Thursday's memorial service at the city's Cathedral of the Holy Cross.

"Massachusetts invited this special wrath from God Almighty when it was the FIRST STATE to pass same-sex marriage on May 17, 2004," the WBC said. "As a direct and immediate result of that first step down the slippery slope to nationwide fag marriage, God sent the devastating bombs to the Boston Marathon."

This prompted a response from the Twitter feed of @YourAnonNews threatening the WBC with the usual "expect us" warning. Then crackers claiming to be from Anonymous appeared to have taken over the Facebook page of the WBC to post pictures of kittens, jokes, and inspirational sayings.

This was originally reported as a hack, but looks more like a case of brand-jacking. The WBC deny having a Facebook page (preferring to tweet instead) and Anonymous have pointed out that @YourAnonNews is not an official organ of communication. ®

Bootnote

While not a Bostonian, this El Reg hack has many friends born and bred there and once spent a memorable Thanksgiving in that wonderful city that permanently damaged his liver. It's going to be very tempting (and somewhat in keeping with the city's character) for Bostonians to take a swing at the WBC, but please refrain; it only encourages them.
