At 10:30 UTC one of the botnet spam campaigns we discussed yesterday took a shift to focus on the recent explosion in Texas. The miscreants responded to the tragic events in Texas almost immediately. The volume of the attack is similar to what we witnessed yesterday with the maximum volume peaking above 50% of all spam sent. We’ve seen 23 unique sites hosting the malware. This is an attempt to grow the botnet.



The attack itself remains nearly identical to yesterday’s, using YouTube videos as a vehicle to attract curious victims.





We’ve seen the following spam subjects in correlation with the attack:

“Fertilizer Plant Explosion Near Waco, Texas”
“Plant Explosion Near Waco, Texas”
“Raw: Texas Explosion Injures Dozens”
“Texas Explosion Injures Dozens”
“Texas Plant Explosion”
“Texas plant explosion”
“Video footage of Texas explosion”
“Waco Explosion HD”