Malware and domain-squatters target Boston Marathon bombing

Tragedy inspires threats both true and false

The scummier end of the online community has been quick to use Monday's bombing of the Boston Marathon as bait for multiple malware dispersals, plus a spot of old-fashioned online fraud along the way.

Within 24 hours of the blasts, the ISC reported that 234 potentially fake domains had been registered that mention the attack. Some have started soliciting donations (including one asking for Bitcoins – evidently confident that the current $90 unit price will rise again), but there are no reports of spammers using them as yet.

It should be pointed out that a few of these domains were bought by people looking to stop squatters, and most are "parked" or dead-end links at this stage. John Bambenek, ISC member and founder of Bambenek Consulting, said the figures were rather a positive sign.

"I would have thought this would have picked up quicker than it had," he said. "That said, it did give me the impetus to finish scripting a few things to basically monitor these domains automatically to start looking for indicators and to see when (or if) they ever come out of 'parked' status."

Meanwhile, malware distributors are relying on the age-old principle that people will click on URLs without thinking if they're genuinely interested in the subject. It's a tactic that has worked for over a decade and probably always will, given the fundamental Layer Eight problem of human curiosity and stupidity.

Sophos, Kaspersky, and AVG are warning of the tactic being used to spread the Windows Trojan Tepfer, usually in emails entitled "Explosion at Boston Marathon." The link offered for more information points to a bare IP address and an HTML page whose name ends in "news.html" or "boston.htm", which leads to a page of videos. About 60 seconds later the page tries to install the Trojan in the background.

Not to be left out, scammers are trying to seed a second piece of malware, this time a JAR file that exploits flaws in Oracle's Java. This URL, in a similar format, redirects the user to three other URLs that try to install the malware if they detect an unpatched vulnerability. Oracle released a combination patch for Java on Tuesday and users are advised to get it installed.
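The two lures above share a handful of cheap indicators: a link whose host is a raw IP address rather than a domain, a page name such as "news.html" or "boston.htm", a subject line built around the bombing, and (for the second campaign) a Java archive being served. The script below is an added example, not code from the article or from Sophos, Kaspersky or AVG: it pulls URLs out of constructed sample emails and scores each message against those indicators. The indicator literals, the function names and the sample messages are all assumptions made here for illustration; real campaigns rotate hosts and page names, so treat the literals as a starting point for triage rather than as a signature.

```python
import re
import ipaddress
from urllib.parse import urlparse

# Hypothetical indicators distilled from the campaign description in the article.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
SUSPICIOUS_PAGES = ("news.html", "boston.htm")      # page names used by the Tepfer lure
LURE_SUBJECT_TERMS = ("boston", "marathon", "explosion")
ARCHIVE_EXTENSIONS = (".jar",)                      # the second campaign's Java payload

# Constructed sample messages (not real captured spam); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, so nothing here points at a live host.
SAMPLE_MESSAGES = [
    {"subject": "Explosion at Boston Marathon",
     "body": "Watch the video: http://203.0.113.45/news.html"},
    {"subject": "Boston Marathon explosion video",
     "body": "Click http://198.51.100.7/boston.htm or http://198.51.100.7/update/applet.jar"},
    {"subject": "Team lunch Thursday",
     "body": "Menu is at https://intranet.example.com/lunch.html"},
]


def host_is_raw_ip(host):
    """True when the URL host is a literal IPv4/IPv6 address, not a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_indicators(url):
    """Return the indicator names a single URL trips."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    path = parsed.path.lower()
    hits = []
    if host_is_raw_ip(host):
        hits.append("raw-ip-host")
    if path.endswith(SUSPICIOUS_PAGES):
        hits.append("lure-page-name")
    if path.endswith(ARCHIVE_EXTENSIONS):
        hits.append("java-archive")
    return hits


def message_indicators(subject, body):
    """Collect the distinct indicators for one message, sorted for stable output."""
    hits = set()
    if any(term in subject.lower() for term in LURE_SUBJECT_TERMS):
        hits.add("lure-subject")
    for url in URL_RE.findall(body):
        # Strip trailing punctuation that the regex may have swallowed from prose.
        for hit in url_indicators(url.rstrip(".,)")):
            hits.add(hit)
    return sorted(hits)


def triage(messages, threshold=2):
    """Return (subject, indicators) for messages with at least `threshold` indicators.

    A single indicator is weak on its own (plenty of legitimate mail mentions Boston);
    requiring two or more keeps the benign sample below out of the flagged list.
    """
    flagged = []
    for msg in messages:
        hits = message_indicators(msg["subject"], msg["body"])
        if len(hits) >= threshold:
            flagged.append((msg["subject"], hits))
    return flagged


if __name__ == "__main__":
    for subject, hits in triage(SAMPLE_MESSAGES):
        print(f"FLAGGED: {subject!r} -> {', '.join(hits)}")
```

Run as-is it flags the two lure messages and leaves the intranet lunch notice alone. Feeding it a real mail spool means swapping the `SAMPLE_MESSAGES` list for parsed messages; the scoring functions take plain subject and body strings and do not care where they came from.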

It's the Westboro Baptists again!

Meanwhile, it has been reported that Anonymous has taken over the Facebook page of America's least-favorite poster-children for free expression, the Westboro Baptist Church (WBC).

This small cult of around 100 members, based around the Phelps-Roper family in Kansas, passes its days protesting at the funerals of military personnel and high-profile celebrities with the message that everything bad in America happens because of its acceptance of homosexuality. As a sideline, WBC members include many lawyers fond of suing people for large damages if they get punched.

Shortly after the twin blasts at the finishing line of the Boston Marathon, the WBC issued a press release saying that they would be attending the funerals of the three people killed, replete with their customized "God sent the bombs" signs. They also said they planned to protest Thursday's memorial service at the city's Cathedral of the Holy Cross.

"Massachusetts invited this special wrath from God Almighty when it was the FIRST STATE to pass same-sex marriage on May 17, 2004," the WBC said. "As a direct and immediate result of that first step down the slippery slope to nationwide fag marriage, God sent the devastating bombs to the Boston Marathon."

This prompted a response from the Twitter feed of @YourAnonNews threatening the WBC with the usual "expect us" warning. Then crackers claiming to be from Anonymous appeared to take over the Facebook page of the WBC to post pictures of kittens, jokes, and inspirational sayings.

This was originally reported as a hack, but looks more like a case of brand-jacking. The WBC deny having a Facebook page (preferring to tweet instead) and Anonymous have pointed out that @YourAnonNews is not an official organ of communication. ®

Bootnote

While not a Bostonian, this El Reg hack has many friends born and bred there and once spent a memorable Thanksgiving in that wonderful city that permanently damaged his liver. It's going to be very tempting (and somewhat in keeping with the city's character) for Bostonians to take a swing at the WBC, but please refrain; it only encourages them.
