Cybergangs that specialize in phishing scams wasted little time moving to take advantage of the Boston bombing saga and the Texas fertilizer plant explosion. Dell SecureWorks on Friday detected and blocked waves of emails carrying enticements to click through to video of the twin news events. Doing so does take the victim to a YouTube video of the event, but it also triggers an infection that turns control of the victim's PC over to the operators of two of the largest networks of infected PCs, referred to as the Cutwail and Kelihos botnets. USA TODAY asked Dell security researcher Dr. Brett Stone-Gross for more clarity.
Q: What stands out about this wave?
A: Cutwail is known for sending out the notorious ZeuS Banking Trojan, money mule recruitment, fake antivirus, rogue pharmacies, dating scams, fake diplomas, and replica watches. Kelihos is well-known for its advertisement of so-called “pump-n-dump” stock fraud scams that promote penny stocks in order to manipulate their price, followed by a massive sell-off.
Q: What is a typical lure a consumer might see this weekend?
A: The next lure will likely depend on the upcoming news events and updates that unfold, including updates around these two tragedies. However, the miscreants behind these spam campaigns usually take weekends off, so we may not see new lures until the start of next week.
Q: What will happen if I click on the link, thinking I see a video?
A: The Kelihos spam links to fake websites that embed legitimate YouTube videos surrounding these events, along with a malicious HTML iframe that loads an exploit kit that targets vulnerabilities in browser plugins. If a user's system is vulnerable to the exploits, malware will be silently installed in the background.
Q: Why is it so difficult to stop these predictable attacks?
A: Unfortunately, it is very difficult to educate every computer user about the dangers of clicking on links and attachments in email, and the process of routinely updating software can often seem like a tedious process, leaving many users vulnerable to these attacks.