Security Activity Bulletin

Boston Marathon Spam Activity

 
Threat Type: IntelliShield: Security Activity Bulletin
IntelliShield ID: 29020
Version: 1
First Published: 2013 April 17 22:29 GMT
Last Published: 2013 April 17 22:29 GMT
Port: Not available
Urgency: Possible use
Credibility: Confirmed
Severity: Mild Damage

Version Summary: Multiple online scams have been reported following the Boston Marathon bombing.
 

Description
 
E-mail spam campaigns, fraudulent monetary scams, and exploits against known vulnerabilities related to the April 15, 2013, explosions at the Boston Marathon are ongoing.

Reports indicate that the online spam campaigns are related to news about the Boston Marathon bombing. Fake Twitter accounts with the handles @_BostonMarathon and @HopeForBoston were set up and reportedly posted false photos of victims in the marathon and asked for donations. Reports also indicated that more than 125 domain names were purchased, including names such as bostonmarathonvictimfund.com, bostonmarathonvictimsrelieffund.com, and bostonvictimsdonation.com, possibly indicating an attempt to capitalize on the bombing attacks.

In addition, two botnets began massive spam campaigns. One spam campaign consists of a malicious link to a site that claims to have videos of the explosions from the attack; however, the link directs users to a web page that includes iframes that load content from several YouTube videos plus content from an attacker-controlled site. Reports indicate that the attacker-controlled site may contain .jar files that can compromise vulnerable machines and that may target the vulnerability documented in IntelliShield Alert 26159. Another spam campaign is linked to graphical HTML content claiming to be breaking news from CNN.
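The page structure described above can be triaged on captured HTML. The following is an added example, not part of the original bulletin or any Cisco product: it flags pages that mix YouTube iframes with iframes from other hosts, and pages that reference Java archives. The host list, function names, and sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts treated as legitimate video embeds (assumption for this example).
VIDEO_HOSTS = ("youtube.com", "youtube-nocookie.com")
JAVA_TAGS = ("applet", "object", "embed", "param")
JAVA_ATTRS = ("archive", "code", "data", "src", "value")

# Constructed samples; example.test is a reserved, non-routable name.
SAMPLE_LANDING = ('<iframe src="https://www.youtube.com/embed/CONSTRUCTED1"></iframe>'
                  '<iframe src="http://news-video.example.test/boston.html"'
                  ' width="1" height="1"></iframe>')
SAMPLE_FRAME = '<applet code="Main.class" archive="player.jar?x=1"></applet>'
SAMPLE_BENIGN = '<iframe src="//www.youtube.com/embed/CONSTRUCTED2"></iframe>'

def is_video_host(host):
    """True if host is a listed video host or one of its subdomains."""
    return any(host == h or host.endswith("." + h) for h in VIDEO_HOSTS)

class EmbedCollector(HTMLParser):
    """Collects iframe sources and Java archive references from a page."""
    def __init__(self):
        super().__init__()
        self.iframes, self.jars = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        if tag in JAVA_TAGS:
            for key in JAVA_ATTRS:
                # Ignore any query string when checking the extension.
                if a.get(key, "").lower().split("?")[0].endswith(".jar"):
                    self.jars.append(a[key])

def triage(html):
    """Heuristic triage of one captured page; a hit means 'review', not 'malicious'."""
    p = EmbedCollector()
    p.feed(html)
    # Relative iframe URLs have no hostname and are dropped here.
    hosts = {(urlparse(u).hostname or "").lower() for u in p.iframes} - {""}
    other = sorted(h for h in hosts if not is_video_host(h))
    mixed = any(is_video_host(h) for h in hosts) and bool(other)
    return {"mixed_iframes": mixed, "non_video_iframe_hosts": other,
            "jar_refs": p.jars, "suspicious": mixed or bool(p.jars)}
```

Run it over both the landing page and the content each iframe loads, since the bulletin places the .jar files on the attacker-controlled site rather than on the landing page itself.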

Customers using Cisco products such as Cisco Intrusion Prevention System devices, Cloud Web Security, Email Security Appliances, and Web Security Appliances have been protected by these products since the beginning of the spamming campaigns.

Customers can help protect against Java exploits associated with spam messages with the following Intrusion Prevention System signature: Java Runtime Bytecode Verifier Remote Code Execution Vulnerability

Users are advised by the U.S. Department of Homeland Security National Cybersecurity and Communications Integration Center to send donations in support of the Boston Marathon victims through official fund-raising charities such as the Red Cross.

Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

Users should verify that unsolicited links are safe to follow.
 
Alert History
 
Initial Release


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShield Security Activity Bulletin Original Release Base

Associated Products:
N/A




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.