Skip to main content
  1. Home
  2. Social Media
  3. News

Spammers use Boston bombing, Texas fires and other human tragedy to spread malware

By

Screen Shot 2013-04-22 at 10.51.50 AMAnd in this week’s edition of “Dirtbags of the Internet,” malware spammers are using the Boston Marathon bombing to spread malicious programs. 

How are they doing it? They send messages out with subject lines promising a video of the explosions. And if you click on them, you do see genuine footage of the blasts – while a Windows Trojan Horse infects your computer. Security experts Sophos’ Naked Security blog details how the malware works – and  Betabeat counseled readers to pass this information along to AOL-using aunts and forward-enthusiast uncles.  

Recommended Videos

Watch out for emails labeled “Aftermath to explosions at Boston Marathon” and “Explosions at Boston Marathon” – even if they appear to be normal, working links, they may still liberally douse your computer in malware. 

Malwarebytes.org reported that the Boston explosion wasn’t the only horrible thing to happen last week that scammers exploited. They also used the large-scale factory fire in West, Texas as bait for digital rubberneckers, promising footage of the blaze but secretly infecting people who clicked.

We talked to Malwarebytes’ Senior Security Researcher Jerome Segura, who confirmed our suspicions that the same people behind the bombing malware are behind the Texas bait. “It is correct to assume the same guys are behind the Boston Marathon and Texas explosion fake emails. The spam emails came from at least two botnets: Kelihos and Cutwail which sent an unusual amount of spam following each event. It’s worth noting that both of these botnets had been previously shutdown but have come back to life. There are many different groups behind these attacks, but most of them are located in Eastern Europe.”

And there’s more dirtbaggery afoot: According to Boston Magazine, someone is trying to sell a Facebook page memorializing the Boston bombing for $1,000, an example where greed completely tramples good taste and human decency.

“When users click the link to view these videos, they get redirected to a site that contains the Redkit exploit kit, a platform used to run multiple exploits on the victims’ machines and take advantage of one of many vulnerabilities in the browser and its plugins,” Segura explains. 

“Once the machine is compromised, malware is downloaded and run. In this particular case we observed fake antivirus as well as the ZeroAccess Trojan. The former scares the victim into thinking their PC is infected and blocks access to many programs. The goal is extort between $30 to $80 out of their victims. The latter is more discrete and uses the computer’s resources to mine bitcoins, a digital currency obtained by conducting digital computations requiring a lot of computing power and therefore slowing down to a crawl the victim’s PCs.”

People have always tried to capitalize on tragedies, and the Internet just makes it a lot easier. Although news like this can be seriously disheartening, it’s important to remember that for every fake Boston Marathon Twitter account trolling for RTs, there were more people seriously looking for ways to help victims. 

And if you’re still bummed out, read the wise words Patton Oswalt posted on his Facebook page after the incident: Screen Shot 2013-04-22 at 11.13.37 AM

Topics
Kate Knibbs
Kate Knibbs
Former Digital Trends Contributor
Kate Knibbs is a writer from Chicago. She is very happy that her borderline-unhealthy Internet habits are rewarded with a…
Bluesky barrels toward 1 million new sign-ups in a day
Bluesky social media app logo.

Social media app Bluesky has picked nearly a million new users just a day after exiting its invitation-only beta and opening to everyone.

In a post on its main rival -- X (formerly Twitter) -- Bluesky shared a chart showing a sudden boost in usage on the app, which can now be downloaded for free for iPhone and Android devices.

Read more
How to make a GIF from a YouTube video
woman sitting and using laptop

Sometimes, whether you're chatting with friends or posting on social media, words just aren't enough -- you need a GIF to fully convey your feelings. If there's a moment from a YouTube video that you want to snip into a GIF, the good news is that you don't need complex software to so it. There are now a bunch of ways to make a GIF from a YouTube video right in your browser.

If you want to use desktop software like Photoshop to make a GIF, then you'll need to download the YouTube video first before you can start making a GIF. However, if you don't want to go through that bother then there are several ways you can make a GIF right in your browser, without the need to download anything. That's ideal if you're working with a low-specced laptop or on a phone, as all the processing to make the GIF is done in the cloud rather than on your machine. With these options you can make quick and fun GIFs from YouTube videos in just a few minutes.
Use GIFs.com for great customization
Step 1: Find the YouTube video that you want to turn into a GIF (perhaps a NASA archive?) and copy its URL.

Read more
I paid Meta to ‘verify’ me — here’s what actually happened
An Instagram profile on an iPhone.

In the fall of 2023 I decided to do a little experiment in the height of the “blue check” hysteria. Twitter had shifted from verifying accounts based (more or less) on merit or importance and instead would let users pay for a blue checkmark. That obviously went (and still goes) badly. Meanwhile, Meta opened its own verification service earlier in the year, called Meta Verified.

Mostly aimed at “creators,” Meta Verified costs $15 a month and helps you “establish your account authenticity and help[s] your community know it’s the real us with a verified badge." It also gives you “proactive account protection” to help fight impersonation by (in part) requiring you to use two-factor authentication. You’ll also get direct account support “from a real person,” and exclusive features like stickers and stars.

Read more