Multiple online scams have been reported following the Boston Marathon bombing.
E-mail spam campaigns, fraudulent monetary scams, and exploits against known vulnerabilities related to the April 15, 2013, explosions at the Boston Marathon are ongoing.
Reports indicate that the online spam campaigns are related to news about the Boston Marathon bombing. Fake Twitter accounts with the handles @_BostonMarathon and @HopeForBoston were set up and reportedly posted false photos of marathon victims and asked for donations. Reports also indicated that more than 125 domain names were purchased, including names such as bostonmarathonvictimfund.com, bostonmarathonvictimsrelieffund.com, and bostonvictimsdonation.com, possibly indicating an attempt to capitalize on the bombing attacks.
In addition, two botnets began massive spam campaigns. One spam campaign consists of a malicious link to a site that claims to have videos of the explosions from the attack; however, the link directs users to a web page that includes iframes that load content from several YouTube videos plus content from an attacker-controlled site. Reports indicate that the attacker-controlled site may contain .jar files that can compromise vulnerable machines and that may target the vulnerability documented in IntelliShield Alert 26159. Another spam campaign is linked to graphical HTML content claiming to be breaking news from CNN.
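The landing-page pattern described above (YouTube iframes mixed with frames from another site) can be checked on a captured page as follows. This is an added example, not part of the Cisco bulletin; the VIDEO_HOSTS allowlist, the function names, and the sample HTML with its .example hostnames are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts accepted as legitimate video embeds for this check.
VIDEO_HOSTS = {"youtube.com", "youtube-nocookie.com"}

def host_in(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class IframeCollector(HTMLParser):
    """Collects the src attribute of every iframe tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def audit_iframes(page_url, html):
    """Classify the iframe targets of a page that was fetched from page_url."""
    parser = IframeCollector()
    parser.feed(html)
    page_host = urlsplit(page_url).hostname or ""
    video, other = [], []
    for src in parser.sources:
        # urljoin resolves relative and protocol-relative (//host/x) sources.
        host = urlsplit(urljoin(page_url, src)).hostname or ""
        if host_in(host, VIDEO_HOSTS):
            video.append(host)
        elif host and host != page_host:
            other.append(host)  # third-party frame, not a video embed
    # Pattern from the bulletin: video embeds alongside third-party frames.
    return {"video": video, "other": other,
            "suspicious": bool(video) and bool(other)}

# Constructed sample page; the third frame imitates a video host by prefix only.
SAMPLE = """<html><body>
<iframe src="https://www.youtube.com/embed/VIDEO1"></iframe>
<iframe src="//www.youtube.com/embed/VIDEO2"></iframe>
<iframe src="http://youtube.com.frames.example/news.html"></iframe>
<iframe src="/local/banner.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(audit_iframes("http://landing.example/boston.html", SAMPLE))
```

The suffix match on a label boundary is what keeps a host such as youtube.com.frames.example from being counted as a YouTube embed.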
Customers using Cisco products such as Cisco Intrusion Prevention System devices, Cloud Web Security, Email Security Appliances, and Web Security Appliances have been protected by these products since the beginning of the spamming campaigns.
Users are advised by the U.S. Department of Homeland Security National Cybersecurity and Communications Integration Center to send donations in support of the Boston Marathon victims through official fund-raising charities such as the Red Cross.
Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.
Users should verify that unsolicited links are safe to follow.
The security vulnerability applies to the following combinations of products.
Security Activity Bulletin
Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service.
This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.