UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
UPDATE: 04-18-2013 @ 10:10 AM CDT -
Some of the spam campaigns are now changing over to the Waco plant explosion. Basically the lure is the same: a subject that mentions the video and then an IP-only URL with /texas.html or /news.html. The landing page has a few embedded YouTube videos and an iframe with malicious content at the end.
** End Update 1 **
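A mail-filter check for the lure described in the update above, as an added example that is not part of the original diary: it flags URLs whose host is a bare IP address and whose path is /texas.html or /news.html. The function names and the sample messages (which use documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Paths named in the update; extend the set as the lure changes.
LURE_PATHS = {"/texas.html", "/news.html"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message bodies (RFC 5737 documentation addresses).
SAMPLES = [
    "Subject: Video of the plant explosion\n\nhttp://192.0.2.15/texas.html",
    "Watch it here: HTTP://198.51.100.7:8080/News.html.",
    "Our newsletter: http://news.example.com/news.html",
    "http://203.0.113.9/index.html",
]


def is_ip_literal(host):
    """True when the URL host is a raw IPv4/IPv6 address, not a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_lure_urls(text):
    """Return URLs in text with an IP-literal host and a known lure path."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:)>]")  # drop punctuation trailing the URL in prose
        try:
            parts = urlsplit(url)
            host = parts.hostname
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        if host and is_ip_literal(host) and parts.path.lower() in LURE_PATHS:
            hits.append(url)
    return hits


if __name__ == "__main__":
    for body in SAMPLES:
        print(find_lure_urls(body))
```

A hostname-based URL with the same path is not flagged, so this check is narrow by design and should be combined with subject and reputation rules.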
About mid-afternoon yesterday (Central time, US), Boston-related spam campaigns began. The general "hook" is a URL sent with a subject about the video from the explosions. This is similar to when Osama Bin Laden was killed and fake images were used as a hook; in this case, the video is relevant to the story and is being used as a hook. Right now, very roughly 10-20% of all spam is related to this (some spam traps reporting more, some less). Similar IPs have also been sending pump & dump scams, so likely the same group has re-tasked itself.
Here is a list of subjects I've seen hit spam traps:
Here is a list of malicious URLs in those messages (use at your own risk):
--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting
Apple iTunes Services Outage
UPDATE: All seems to be well and the interruption was brief. You can check status @ http://www.apple.com/support/systemstatus/
We are getting reports of an Apple services outage and/or difficulty connecting to iTunes services. If you are seeing this, please report it.
Richard Porter
--- ISC Handler on Duty