Feeds

Malware and domain-squatters target Boston Marathon bombing

Tragedy inspires threats both true and false

High performance access to file storage

The scummier end of the online community has been quick to use Monday's bombing of the Boston Marathon as bait for multiple malware dispersals, plus a spot of old-fashioned online fraud along the way.

Within 24 hours of the blasts, the ISC reported that 234 potentially fake domains have been registered featuring mention of the attack. Some have started soliciting donations (including one asking for Bitcoins – evidently confident that the current $90 unit price will rise again) but there are no reports of spammers using them, as yet.

It should be pointed out that a few of these domains were bought by people looking to stop squatters, and most are "parked" or dead-end links at this stage. John Bambenek, ISC member and founder of Bambenek Consulting, said the figures were rather a positive sign.

"I would have thought this would have picked up quicker than it had," he said. "That said, it did give me the impetus to finish scripting a few things to basically monitor these domains automatically to start looking for indicators and to see when (or if) they ever come out of 'parked' status."

Meanwhile, malware distributors are relying on the age-old principle that people will click on URLs without thinking if they're really interesting in the subject. It's a tactic that has worked for over a decade and probably always will, given the fundamental Layer Eight problem of human curiosity and stupidity.

Sophos, Kaspersky, and AVG are warning of the tactic being used to spread the Windows Trojan Tepfer, usually in emails entitled "Explosion at Boston Marathon." The link for more information comes with an IP address and an HTML page ending in "news.html" or "boston.htm" that leads to a page of videos. 60 seconds later the Trojan tries to install itself in the background.

Not to be left out, scammers are trying to seed a second piece of malware, this time a JAR file aimed at getting past flaws in Oracle's Java. This URL, in a similar format, redirects the user to three other URLs that try and install the malware if it detects an unpatched vulnerability. Oracle released a combination patch for Java on Tuesday and users are advised to get it installed.

It's the Westboro Baptists again!

Meanwhile, it has been reported that Anonymous has taken over the Facebook page of America's least-favorite poster-children for free expression, the Westboro Baptist Church (WBC).

This small cult of around 100 members, based around the Phelps-Roper family in Kansas, passes its days protesting at funerals of military and high-profile celebrities with the message that everything bad in America happens because of its acceptance of the homosexuality. As a sideline, WBC members include many lawyers fond of suing people for large damages if they get punched.

Shortly after the twin blasts at the finishing line of the Boston Marathon, the WBC issued a press release saying that they would be attending the funerals of the three people killed, replete with their customized "God sent the bombs" signs. They also said they planned to protest Thursday's memorial service at the city's Cathedral of the Holy Cross.

"Massachusetts invited this special wrath from God Almighty when it was the FIRST STATE to pass same-sex marriage on May 17, 2004," the WBC said. "As a direct and immediate result of that first step down the slippery slope to nationwide fag marriage, God sent the devastating bombs to the Boston Marathon."

This prompted a response from the Twitter feed of @YourAnonNews threatening the WBC with the usual "expect us" warning. Then crackers claiming to be from Anonymous appeared to have taken over the Facebook page of the WBC to post pictures of kittens, jokes, and inspirational sayings.

This was originally reported as a hack, but looks more like a case of brand-jacking. The WBC deny having a Facebook page (preferring to tweet instead) and Anonymous have pointed out that @YourAnonNews is not an official organ of communication. ®

Bootnote

While not a Bostonian, this El Reg hack has many friends born and bred there and once spent a memorable Thanksgiving in that wonderful city that permanently damaged his liver. It's going to be very tempting (and somewhat in keeping with the city's character) for Bostonians to take a swing at the WBC, but please refrain; it only encourages them.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.