Archives for Boston bombing

KELIHOS Worm Capitalizes On The Boston Bombing Incident


The Boston bombing incident was truly a sad day for the capital of Massachusetts. It displays the inhumanity of some people. What is more disgusting is that some people try to capitalize on the event and turn it to their advantage, like the makers of the KELIHOS worm, which, according to TrendLabs, has been circulating online in the wake of the Boston incident.

Originally, the KELIHOS worm was thought to be an attack that utilizes the Blackhole Exploit Kit, a program that delivers a malicious payload to an unsuspecting user’s computer. However, the Trend Micro blog later reported that analysis of the malicious program showed it does not exactly employ the Blackhole Exploit Kit. The blog added, though, that it does make use of a series of exploits numbering more than 9,000.

According to TrendLabs, the exploit will spam you with messages that appear to be related to the Boston blast. In reality, the messages contain links to sites that are packed with various malware. Examples the news source gave of the subject lines hackers use to pique the attention of unsuspecting victims include “Video of Explosion at the Boston Marathon 2013”, “2 Explosions at Boston Marathon”, “Boston Explosion Caught on Video”, “Aftermath to Explosion at Boston Marathon” and many other variants.

First, you will get a message with a link promising you exclusive scoops of the event. Once you click it, a video that appears to be from YouTube is shown. However, if you look at your download bar, the page is actually downloading an executable file containing the WORM_KELIHOS malware.

The investigation conducted by Aisa Escober, Threat Response Engineer of Trend Micro, led her to IP addresses from different countries like Russia, Japan, Ukraine, Australia, Argentina, Taiwan and the Netherlands. The investigator noticed several links with the same features. The only differences between the files were the filename, icon and subject.

Escober’s analysis revealed that the worm can effectively hide itself in your removable drive’s directories. Then, it replaces the folders with a file with the .LNK extension. This way, the malware gets activated whenever you try to open a folder in your directory.
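A defender can check a removable drive for this pattern. The following Python is an added example, not code from Trend Micro or from the original post: it lists shortcut files that share a name with a folder beside them and confirms each one carries a real Shell Link header. It assumes (the post does not say) that the original folder stays on the drive under the same name; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

def is_shell_link(path):
    """True if the file starts with the 20-byte Shell Link header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False

def hidden_flag(path):
    """Windows hidden attribute as True/False; None where stat() lacks it."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    return None if attrs is None else bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def find_folder_shortcuts(root):
    """Report every .lnk that shares its name with a folder beside it."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower(): d for d in dirnames}
        for name in sorted(filenames):
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".lnk" or stem.lower() not in folders:
                continue
            lnk = os.path.join(dirpath, name)
            folder = os.path.join(dirpath, folders[stem.lower()])
            findings.append({"shortcut": lnk, "folder": folder,
                             "valid_lnk": is_shell_link(lnk),
                             "folder_hidden": hidden_flag(folder)})
    return findings

def build_sample_drive():
    """Constructed tree standing in for a mounted removable drive."""
    root = tempfile.mkdtemp(prefix="usb_sample_")
    for folder in ("Photos", "Docs"):
        os.makedirs(os.path.join(root, folder))
    samples = {"Photos.lnk": LNK_MAGIC + b"\x00" * 56,  # header only
               "notes.lnk": b"not a shortcut"}           # no folder twin
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for hit in find_folder_shortcuts(build_sample_drive()):
        print(hit)
```

On Windows, a finding with `folder_hidden` set to `True` and `valid_lnk` set to `True` matches the behaviour described above most closely; on other systems the hidden attribute is reported as `None` because `stat()` does not expose it.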

Based on the number of hits on the malicious URLs, the U.S. accounts for the highest share. This is probably because the issue is of national interest.

So, what happens upon infection? Trend Micro said that the Boston bombing worm can steal all your credentials for the various file transfer protocols that you use. Next, it collects the details of your email contacts from your local drive. On top of these, the worm has the capability to drain your Bitcoin wallet, if you are a user of the virtual currency.

Cybercriminals usually take advantage of trending or newsworthy issues to spread their work. An example of this is when Jorge Mario Bergoglio, better known as Pope Francis, was elected to the highest position of the Roman Catholic Church. They also use the names of famous celebrities, like Emma Watson, which we featured in our earlier post, to drive fans to websites rigged with malicious programs.

Source: Trend Micro blog

Person Finder Launched Again By Google In The Wake Of Boston Bombing

What should have been a picture perfect finish turned grim at the Boston marathon finish line on April 15 when two explosives allegedly went off. The Boston bombing immediately left 3 dead and dozens injured, which we featured in our previous report.

The incident turned all eyes and ears towards Boston as the national and even international media focused on the event. Of course, this raised worries on the part of the families and friends of Boston residents.

As a result, Google launched its Person Finder again to help the people of Boston get in touch with their relatives anywhere in the world. The company launched the service just hours after the horrific Boston bombing to put the families of people living in Boston at ease.

According to the website of eWeek, the service contains approximately 5,400 names of people that can be searched easily online. The figures were based on the April 16 statistics of the site.

To use the service, the users can either put their own names there or the name of a person related to them who can attest to their safety. People can also enter other information relevant to them that can help their relatives or friends confirm their well-being after the Boston blasts.

The Google Person Finder is one of Google’s services that aim to promote charitable acts or good causes by extending assistance to people who were victims of a major catastrophe or crime. The service is available at the website.

Google notably activated the service during the height of the Haiti crisis when the area was devastated by a powerful earthquake in 2010 which left hundreds of thousands dead, plus millions who were either injured or deprived of their property. Aside from providing a reliable database to check the status of the people in the area, the company donated around one million USD to the government of Haiti based on a 2010 report of several news sources including eWeek.

The good thing about the service is that anyone can use it, said the report. This is because the database uses common file formats that can be easily interchanged with other listings, so that the data about the victims and survivors can be conveniently entered and accessed by concerned individuals like friends and family members.

Based on the FAQ section of the Person Finder, the service is only activated whenever the conditions that require its use arise. The gravity of the situation is analyzed by the Google Crisis Response Team first. Then, they come up with specific tools that could address the problem depending on the needs of the people in the area affected by the disaster or unfortunate incident.

Other useful information, like the Boston Mayor’s Office hotline and Boston Police contact numbers, has been displayed on the site too in order to address the needs of victims and to aid the police investigations.

Google added that the duration of the service depends on the crisis. After the crisis is over, all the information entered in the Google Person Finder pages will be deleted.

Source: eWeek

Police Turn To Crowdsourcing To Gather Boston Blast Evidences

Not a picture perfect finish at the Boston marathon. [Photo Source: CNN]
The Monday Boston blast is another tragic event that rocked the nation in what was supposed to be a fun-filled marathon. According to the CNN coverage of the Boston marathon incident released on April 15, 3 individuals were pronounced dead, including an 8-year-old boy. Around 144 people are being treated in medical facilities. Among the 144 people, 17 are in critical condition and 25 are seriously injured. Approximately 10 of the injured required amputation of limbs, said a terrorism expert who was part of the investigation.

Currently, police are relying only on videos gathered from their surveillance cameras scattered in strategic locations. However, this method is proving to be very taxing, as there were blind spots in the area due to the huge number of people gathered at the location.

To speed up their investigation of the Boston bombing, the authorities are now seeking evidence through crowdsourcing. Boston police are presently encouraging potential witnesses who captured the event to contribute videos and pictures that could identify the culprits of the Boston blast. This could also let officials learn how the terrorists managed to pull off such a heinous act.

Cheryl Fiandaca, the chief of the police department’s public information bureau, said that they are looking at the video of the Boston marathon finish line at the moment. But some technical difficulties are preventing them from arriving at a clear picture of the unfortunate occurrence.

According to Fiandaca, examples of the problems encountered by the information bureau were the unresponsiveness of the Boston City government’s official website, plus the commotion and messy scenes of the event.

As a remedy to speed up the analysis of the crime, she released a message through Twitter asking for videos of the finish line. She stated through CNET that the department will attend to the evidence whether it was taken by official or unofficial sources. However, another problem that she is facing now is that it is not clear how the people who possess evidence pertaining to the Boston blast can share it with the police department without going to the station. The Federal Bureau of Investigation confirmed this predicament as well.

Fiandaca added that the police do not usually turn to crowdsourcing, as it does not form part of the investigation routine. But she said that this would serve as a quick alternative. This will pave the way for future analysis to rely on crowdsourced data too.

So far, the news source pointed out that YouTube videos related to the Boston blast have been going viral, but most of them were released by news agencies. Photos were also circulating on Twitter, but the materials were mostly focused on the aftermath or the dramatic moments during the explosion in the Boston marathon. The police may prefer getting information leading to the blast.

In addition, browsing through the event on the Internet using metadata such as hashtags can be cumbersome for the police because these could lead investigators to a lot of unrelated, inappropriate or replicated content online.

Sources: CNET and CNN