Within days of the horrifying Boston Marathon bombings, heartless cyber criminals are trying to take advantage of the world's shock and disgust at this cowardly act with a shameless malware campaign. It is quite unbelievable just how low these people will stoop.

The e-mails sent as part of this campaign use varying subject lines related to the bombings and claim to contain links to relevant video footage. Subject lines used typically look something like this:

"Aftermath of Boston Marathon Bombing"
"Boston Explosion Video"
"Video Boston Marathon 2013 Explosion"
"Twin Explosions of Boston Marathon"
"Bomb Attack at Boston Marathon"

Using a variety of links - undoubtedly designed to circumvent rudimentary e-mail filtering - these malicious e-mails (which are believed to originate from Latvia and Ukraine) will indeed lead to YouTube videos of the terrible event.
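The subject lines and link lure described above can be turned into a simple mail-triage rule. The following is an added example, not code from the original article: the function names, sample messages and addresses are constructed for illustration, and because the article says the subjects only "typically look something like" those listed, the exact match is a starting rule rather than complete coverage.

```python
import re
from email import message_from_string, policy

# Subject lines quoted in the article, normalised to lower case.
CAMPAIGN_SUBJECTS = {
    "aftermath of boston marathon bombing",
    "boston explosion video",
    "video boston marathon 2013 explosion",
    "twin explosions of boston marathon",
    "bomb attack at boston marathon",
}
PREFIX = re.compile(r"^((re|fw|fwd)\s*:\s*)+", re.I)  # reply/forward markers
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def normalise(subject):
    """Strip reply/forward prefixes, quotes, extra whitespace and case."""
    s = PREFIX.sub("", subject.strip()).strip("\"' ")
    return re.sub(r"\s+", " ", s).lower()

def triage(raw_message):
    """Return (flagged, links) for one message given as text.

    Flagged means: campaign subject AND at least one link in the body,
    matching the lure the article describes (hypothetical rule).
    """
    # policy.default decodes RFC 2047 encoded-word subjects for us.
    msg = message_from_string(raw_message, policy=policy.default)
    subject = normalise(str(msg["Subject"] or ""))
    body = msg.get_body(preferencelist=("plain", "html"))
    links = LINK.findall(body.get_content() if body else "")
    return (subject in CAMPAIGN_SUBJECTS and bool(links)), links

# Constructed sample messages (documentation addresses, not real traffic).
SAMPLE_SPAM = (
    "From: sender@example.test\n"
    "Subject: Fwd: =?utf-8?q?Boston_Explosion_Video?=\n"
    "\n"
    "http://192.0.2.10/news.html\n"
)
SAMPLE_NEWS = (
    "From: alerts@example.test\n"
    "Subject: Boston Marathon road closures\n"
    "\n"
    "Details: https://example.test/closures\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_SPAM, SAMPLE_NEWS):
        print(triage(sample))
```

Flagged messages are candidates for quarantine and review; the extracted links can be checked against web-proxy logs to see whether anyone followed them.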

The sites to which unsuspecting recipients are led by clicking on these links do, however, also contain a Trojan horse - detected by Sophos products as Troj/Tepfer-Q - which, once installed on a user's computer, is designed to make changes to the user's registry and install the following files:

\drivers\npf.sys
\Packet.dll
\wpcap.dll

The malware registers the npf.sys file as a service by the name of "NPF", with the display name "WinPcap Packet Driver (NPF)". These files then provide the originators of this malware with remote access to the infected computer. This, of course, enables them not only to wreak havoc on the computer's files, but potentially allows them to gain access to sensitive data - subsequently giving them the opportunity to commit financial, resource and/or identity theft.

The best (and only) way to prevent these sick low-lives - who obviously have no qualms about exploiting the incredible suffering of those injured and the families of the innocent victims who lost their lives in this atrocious attack - from gaining access to your computer is to treat these unsolicited e-mails in your inbox with the contempt they deserve and simply delete them the moment they arrive.

Sadly, this is not the first time (and is unlikely to be the last time) criminals have tried to exploit the suffering of others. Every time there is a natural disaster, or a horrifying incident like these bombings, someone somewhere will - with sickening inevitability - try to gain from it. Ignoring unsolicited e-mails and getting news from reliable, official news websites is a far safer way to stay informed.
