Botnets Come Out Of Hiding For Boston Bombing Spam

Published: 22/11/2024   Category: security




Kelihos, Cutwail botnets jump into action to deliver spam emails disguised as news from bombings



Spammers are harnessing two venerable botnets -- Kelihos and Cutwail -- to send out reams of deceptive emails disguised as news and video clips from the Boston Bombing, but that carry malicious payloads.
According to a blog by researchers at Trusteer, a large portion of the Boston Bombing spam emanates from Kelihos, a botnet targeted for termination by Microsoft last year and widely thought to be dead.
Kelihos has been growing slowly and is now delivering large amounts of spam again, Trusteer says. But this time, instead of stock spam, it is delivering malware.
"This code is none other than Redkit, an exploit kit that attempts to exploit vulnerabilities on your computer," Trusteer says. "If the exploit is successful, malware is downloaded onto the PC. One of these pieces of malware ... is actually a copy of the Kelihos bot itself, which when it is installed, will proceed to spam more of the same Boston-themed spam."
Researchers at Dell Secureworks confirmed that Kelihos is back in action and sending out large amounts of Boston-related spam. The Dell researchers also say some of the spam is emanating from Cutwail, a long-established botnet that has been a favorite vehicle for spam distribution.
"Computer victims who click the malicious link are directed to a page that loads several iframes," Dell Secureworks says. "The iframes perform simultaneous actions when rendered in a victim's web browser: [They] redirect the browser to a YouTube video showing the attack, [and they] redirect the browser to a Redkit Exploit Pack landing page."
After the Web browser loads the Redkit landing page, Redkit initiates a series of requests that ultimately lead to the installation of a malware cocktail that may include Win32/Karagany, the Pony downloader Trojan, the ZeroAccess Trojan, and/or the Waledac/Kelihos bot, Dell Secureworks says.
Both companies said they have updated their own security tools to defend against the new attacks.