Sick malware authors exploit Boston Marathon bombing with Trojan attack

With sick inevitability, cybercriminals have exploited interest in the breaking news story of the explosions at the Boston Marathon by spreading malware.

Messages spammed out by attackers claim to contain a link to video footage of Monday’s terrorist activity in Boston, with subject lines such as “2 Explosions at Boston Marathon”.

Malicious email about Boston Marathon bombing

Other subject lines used in the campaign include:

  • Aftermath to explosion at Boston Marathon
  • Boston Explosion Caught on Video
  • Video of Explosion at the Boston Marathon 2013

It’s no surprise to see that the links used in the malicious email can vary – no doubt in an attempt to avoid rudimentary email filtering – but they all appear to be based in Ukraine and Latvia.

If you make the mistake of clicking on the link, however, you are taken to a website which – while showing you genuine YouTube videos of the horrific incident – attempts to infect your computer with a Windows Trojan horse that Sophos products detect as Troj/Tepfer-Q.

Malicious website

If installed, the malware makes changes to the Registry and installs the following files, allowing hackers to gain remote access to infected computers:

<System>\drivers\npf.sys
<System>\Packet.dll
<System>\wpcap.dll

The file NPF.sys is registered as a new service named “NPF”, with a display name of “WinPcap Packet Driver (NPF)”.
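
A read-only host triage check for the file and service indicators listed above, added here as an example and not taken from the original article or from SophosLabs. It assumes `<System>` means the Windows system directory; a legitimate WinPcap installation uses the same file and service names, so a match is only a lead on machines where WinPcap was never deliberately installed.

```powershell
# Added example: read-only triage for the indicators named in this article.
# Assumption: <System> is the Windows system directory (e.g. C:\Windows\System32).
# Run from a 64-bit PowerShell on 64-bit Windows so System32 is not redirected.
$sys = [Environment]::SystemDirectory
$paths = @(
    (Join-Path $sys 'drivers\npf.sys'),
    (Join-Path $sys 'Packet.dll'),
    (Join-Path $sys 'wpcap.dll')
)

# For each file that exists, record when it appeared and whether it is signed.
$files = @(foreach ($p in $paths) {
    $item = Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
    if ($item) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        [pscustomobject]@{
            Path            = $p
            CreatedUtc      = $item.CreationTimeUtc
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
        }
    }
})

# NPF is a kernel driver service, so query Win32_SystemDriver rather than Win32 services.
$driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='NPF'" `
    -ErrorAction SilentlyContinue

$result = [pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    FilesFound       = $files.Count
    DriverRegistered = [bool]$driver
    DisplayName      = $driver.DisplayName   # article: "WinPcap Packet Driver (NPF)"
    DriverPath       = $driver.PathName
    DriverState      = $driver.State
    # Any hit needs a human decision: was WinPcap intentionally installed on this host?
    NeedsReview      = ($files.Count -gt 0) -or [bool]$driver
}

$result | Format-List
$files  | Format-Table -AutoSize
```

File creation times close to the arrival of one of the emails described above, on a host with no packet-capture software in its inventory, are the combination worth escalating.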

Clearly, there are no depths to which cybercriminals are not prepared to stoop in their hunt for victims.

The sick truth is that malware authors and malicious hackers lose no sleep about exploiting the deaths of innocent people in their attempt to infect computers for the purposes of stealing money, resources and identities.

Remember to be on your guard against such tactics. Maybe it’s time to get your news from legitimate news websites rather than an unsolicited email which arrives in your inbox?

Thanks to Julie Yeates and Hajnalka Kópé of SophosLabs for their assistance with this article.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
