Avatar

At 10:30 UTC one of the botnet spam campaigns we discussed yesterday took a shift to focus on the recent explosion in Texas. The miscreants responded to the tragic events in Texas almost immediately. The volume of the attack is similar to what we witnessed yesterday with the maximum volume peaking above 50% of all spam sent. We’ve seen 23 unique sites hosting the malware. This is an attempt to grow the botnet.

1-waco-graph1

 

The attack itself remains nearly identical to yesterday’s, using YouTube videos as a vehicle to attract curious victims.

 

2-youtube

3-attack

 

We’ve seen the following spam subjects in correlation with the attack:

“Fertilizer Plant Explosion Near Waco, Texas”
“Plant Explosion Near Waco, Texas”
“Raw: Texas Explosion Injures Dozens”
“Texas Explosion Injures Dozens”
“Texas Plant Explosion”
“Texas plant explosion”
“Video footage of Texas explosion”
“Waco Explosion HD”

4-texas_spam_screenshot



Authors

Craig Williams

Director

Talos Outreach