Botnets Come Out Of Hiding For Boston Bombing Spam

Kelihos, Cutwail botnets jump into action to deliver spam emails disguised as news from bombings

Spammers are harnessing two venerable botnets -- Kelihos and Cutwail -- to send out reams of deceptive emails disguised as news and video clips from the Boston Bombing, but that carry malicious payloads.
According to a
blog by researchers at Trusteer
, a large portion of the Boston Bombing spam emanates from Kelihos, a botnet targeted for termination by Microsoft last year and widely thought to be dead.
Kelihos has been growing slowly and is now delivering large amounts of spam again, Trusteer says. But this time, instead of stock spam, it is delivering malware.
This code is none other than Redkit, an exploit kit that attempts to exploit vulnerabilities on your computer, Trusteer says. If the exploit is successful, malware is downloaded onto the PC. One of these pieces of malware ... is actually a copy of the Kelihos bot itself, which when it is installed, will proceed to spam more of the same Boston-themed spam.
Researchers at Dell Secureworks confirmed that Kelihos is back in action and sending out large amounts of Boston-related spam. The Dell researchers also say some of the spam is emanating from Cutwail, a long-established botnet that has been a favorite vehicle for spam distribution.
Computer victims who click the malicious link are directed to a page that loads several iframes, Dell Secureworks says. The iframes perform simultaneous actions when rendered in a victims web browser: [They] redirect the browser to a YouTube video showing the attack, [and they] redirect the browser to a Redkit Exploit Pack landing page.
After the Web browser loads the Redkit landing page, Redkit initiates a series of requests that ultimately lead to the installation of a malware cocktail that may include Win32/Karagany, the Pony downloader Trojan, the ZeroAccess Trojan, and/or the Waledac/Kelihos bot, Dell Secureworks says.
Both companies said they have updated their own security tools to defend against the new attacks.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Botnets Come Out Of Hiding For Boston Bombing Spam