E-mail spam campaigns, fraudulent monetary scams, and exploits against known vulnerabilities related to the April 15, 2013, explosions at the Boston Marathon are ongoing.
Reports indicate that the online spam campaigns are related to news about the Boston Marathon bombing. Fake Twitter accounts with the handles @_BostonMarathon and @HopeForBoston were set up and reportedly posted false photos of marathon victims and asked for donations. Reports also indicated that more than 125 domain names were purchased, including names such as bostonmarathonvictimfund.com and bostonvictimsdonation.com, possibly indicating an attempt to capitalize on the bombing attacks.
In addition, two botnets began massive spam campaigns. One spam campaign consists of a malicious link to a site that claims to have videos of the explosions from the attack; however, the link directs users to a web page that includes iframes that load content from several YouTube videos plus content from an attacker-controlled site. Reports indicate that the attacker-controlled site may contain .jar files that can compromise vulnerable machines and that may target the vulnerability documented in IntelliShield Alert 26159. Another spam campaign is linked to graphical HTML content claiming to be breaking news from CNN.
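As an added example (not part of the original advisory and not code from any Cisco product), the following Python script triages a saved copy of a landing page like the one described above: it reports iframes whose host is outside an allowlist of video embeds, and any Java applet or .jar references. The allowlist, the names EmbedAuditor and audit, and the sample page with its example.invalid host are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts accepted as ordinary video embeds for this triage.
ALLOWED_EMBED_HOSTS = {
    "youtube.com", "www.youtube.com",
    "youtube-nocookie.com", "www.youtube-nocookie.com",
}

class EmbedAuditor(HTMLParser):
    """Collects unexpected iframes and Java content references from HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, reference) tuples, in page order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            src = a.get("src", "")
            # Exact host match only, so look-alike hosts are still reported.
            host = (urlparse(src).hostname or "").lower()
            if host not in ALLOWED_EMBED_HOSTS:
                self.findings.append(("unexpected-iframe", src))
        elif tag in ("applet", "object", "embed"):
            ref = (a.get("archive") or a.get("code")
                   or a.get("data") or a.get("src") or "")
            is_jar = ref.lower().split("?")[0].endswith(".jar")
            is_java_type = "java" in a.get("type", "").lower()
            if tag == "applet" or is_jar or is_java_type:
                self.findings.append(("java-content", ref))

def audit(html):
    """Return findings for one HTML document given as a string."""
    parser = EmbedAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; hosts and file names are placeholders.
SAMPLE = """
<html><body>
<iframe src="https://www.youtube.com/embed/VIDEO1"></iframe>
<iframe src="https://www.youtube.com/embed/VIDEO2"></iframe>
<iframe src="http://news-video.example.invalid/boston.html"></iframe>
<applet archive="http://news-video.example.invalid/player.jar" code="Player.class"></applet>
</body></html>
"""

if __name__ == "__main__":
    for kind, ref in audit(SAMPLE):
        print(kind, ref)
```

Run it only against a saved copy of the page source on an analysis host; it parses the markup as text and fetches nothing.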
Customers using Cisco products such as Cisco Intrusion Prevention System devices, Cloud Web Security, Email Security Appliances, and Web Security Appliances have been protected by these products since the beginning of the spamming campaigns.
Customers can help protect against Java exploits associated with spam messages with the following Intrusion Prevention System signature: Java Runtime Bytecode Verifier Remote Code Execution Vulnerability.
Users are advised by the U.S. Department of Homeland Security National Cybersecurity and Communications Integration Center to send donations in support of the Boston Marathon victims through official fund-raising charities such as the Red Cross.
Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.
Users should verify that unsolicited links are safe to follow.