Boston and Waco blasts exploited to spread malware

Malicious page with videos that camouflage the attack

Cybercriminals often take advantage of global news for their own ends, and this time they have not passed up the Boston attack or the explosion at a fertilizer plant in Waco (Texas).

In the last few hours, spam emails with malicious links that seek to infect computers have been detected. In the following screenshots you can see two of them that I have received:

Both emails have the same format and use similar techniques to infect:

Under the subjects "Explosions at the Boston Marathon" and "Waco Explosion HD", the emails only include a link that loads a page where you can see several YouTube videos:

At first this does not seem harmful, but at the end the pages use an iframe (what is an iframe?) to load another page with malicious code that searches for vulnerabilities and exploits them to install malware automatically (exploits).

In other words, while victims watch the videos, their computers are silently attacked:

As we can see, the deception is easy to detect: these are unexpected emails, in English, that contain only a suspicious link, which is reason enough not to click and to delete them.

Also, although it cannot be fully appreciated in the screenshots that I share, the first section of the links is an IP address (numbers) instead of a domain name … that's another typical detail of spam emails. In these cases the IP addresses are of Russian origin; just enter them in a service like to see it.

On the other hand, attackers have long used the iframe technique to load malicious code within pages. In the article I published a few days ago about the redirects that could be done with Google services, I mentioned it as one of the methods that can be implemented to manipulate the behavior of a page.
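The indicators described above (a body that is nothing but a link, an IP address where the domain should be, and an iframe pointing at another host) can be checked mechanically. The following is an added example, not code from the original post; the function names, the list of expected embed hosts and the sample data are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_is_ip(url):
    """True when the URL's host is an IP literal instead of a domain name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def email_indicators(body):
    """Check a plain-text body for the two email traits the post describes."""
    urls = URL_RE.findall(body)
    return {
        "ip_links": [u for u in urls if host_is_ip(u)],
        "link_only": bool(urls) and not URL_RE.sub("", body).strip(),
    }

class IframeCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "iframe" and src:
            self.sources.append(src)

def foreign_iframes(page_url, html, expected=("www.youtube.com",)):
    """Return iframe targets that are neither on the page's host nor expected embeds."""
    collector = IframeCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    targets = [urljoin(page_url, s) for s in collector.sources]  # resolve relative src
    return [t for t in targets if urlsplit(t).hostname not in (page_host, *expected)]

# Constructed samples using documentation-range addresses, not the campaign's real ones.
SAMPLE_EMAIL = "http://192.0.2.15/news.html\n"
SAMPLE_PAGE = """<html><body>
<iframe src="http://www.youtube.com/embed/VIDEO1"></iframe>
<iframe src="/local-banner.html"></iframe>
<iframe width="1" height="1" src="http://203.0.113.7/index.html"></iframe>
</body></html>"""
if __name__ == "__main__":
    print(email_indicators(SAMPLE_EMAIL), foreign_iframes("http://192.0.2.15/news.html", SAMPLE_PAGE))
```

A hit from either function is a reason to quarantine the message or page for review, not proof of infection; legitimate pages also embed third-party iframes, so the expected-host list needs tuning.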

I hope the information is useful, and if you receive emails like these, do not click on the links because you could end up with an infected computer without realizing it! If you already did, do a full scan with your updated antivirus, then, to make sure, do another one with an online antivirus (you can see a list here), and finally a pass with MalwareBytes never hurts.