Cisco Blogs
Share
tweet

Yesterday Boston, Today Waco, Tomorrow Malware

- April 18, 2013 - 0 Comments

At 10:30 UTC one of the botnet spam campaigns we discussed yesterday took a shift to focus on the recent explosion in Texas. The miscreants responded to the tragic events in Texas almost immediately. The volume of the attack is similar to what we witnessed yesterday with the maximum volume peaking above 50% of all spam sent. We’ve seen 23 unique sites hosting the malware. This is an attempt to grow the botnet.

1-waco-graph1

 

The attack itself remains nearly identical to yesterday’s, using YouTube videos as a vehicle to attract curious victims.

 

2-youtube

3-attack

 

We’ve seen the following spam subjects in correlation with the attack:

“Fertilizer Plant Explosion Near Waco, Texas”
“Plant Explosion Near Waco, Texas”
“Raw: Texas Explosion Injures Dozens”
“Texas Explosion Injures Dozens”
“Texas Plant Explosion”
“Texas plant explosion”
“Video footage of Texas explosion”
“Waco Explosion HD”

4-texas_spam_screenshot

Tags:
Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

All comments in this blog are held for moderation. Your comment will not display until it has been approved

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share
tweet